Re: algorithm IDs (was: Re: OpenPGP keys and Suite-B)

[Len Sassaman <rabbi@xxxxxxxxxxx>]

On Thu, 19 Jun 2008, Jon Callas wrote:

> On the one hand, an OID is just a bit string. It's no worse than
> UTF-8. Consider the way we do it to be ISO Latin1, and OIDs to be
> Unicode. On the other hand, you're right.

Ick, yeah. On the other hand, UTF-8 stuff is generally considered an
attack vector; it's only recently that we've seen OID-based conditional
jump attacks, etc. Maybe I'm naive, but I expect people to be careful with
UTF-8; I don't necessarily expect them to be so careful with OIDs.


> I don't see that an OID actually solves the problem. The problem is
> that the bureaucracy of IANA needs to assign the bit string. It
> doesn't matter if the bit string is an OID or one of our constants.

What I thought Werner meant was that we'd use whatever OIDs were assigned
*already* for a given curve; in his response, he mentioned that IANA would
be assigning them for use in OpenPGP. So then I ask "why not use OpenPGP
IDs for these?" If we have to deal with IANA, I don't see how OIDs are
better than anything else.

> Make one up. Ditto for Camellia. Pick the obvious right number, and we
> all agree we'll start using it. Then we tell IANA to assign that number.

That's easy enough. For WHIRLPOOL, I'm claiming ID 4 (unassigned in 4880,
previously reserved for Double-width SHA). Please let me know if you think
it should be something else.


Best,

Len