Re: I have a technical idea/change for the ECC draft
>
> I think there's a fundamental mismatch between OpenPGP-style key
> preferences and Suite B thinking. As a sender, with labeled
> information, you can only use approved algorithms. Thus, if a
> recipient doesn't list the approved algorithm, you just can't send
> them mail. The OpenPGP-style key preferences are in my view primarily
> to ensure interoperability and allow for algorithm transitions over
> long timescales.
It's not a mismatch, you just have a language that is more expressive
than SuiteB allows.
>
> Are we proposing sender-side rules to match labels to approved
> algorithms? It seems inadequate to put 'SuiteBOnly' as a key
> preference on recipients.
No, we're trying to come up with an acceptable protocol.

There are some implementers who are going to want to do SuiteB within
OpenPGP. We should make their lives easy.

But as Werner has noted, it's not our job as an international
community to do things that forbid flexibility. It should be
*possible* to use ECC and Camellia, as I noted in my other message.
The *implementation* may disallow it, but the standard should not. It
should be possible to use ECC and Whirlpool (which people keep
threatening to do a draft for).

A SuiteBOnly pref makes an implementer's job easier if they care about
SuiteB. They can detect it and act accordingly. It doesn't remove the
requirement that an implementer know what they're doing.

Jon