Re: algorithm IDs
On Fri, 20 Jun 2008, Werner Koch wrote:
> You assume arbitrary OIDs. I am talking about changing a one byte value
> to a multi byte value. They both get assigned by IANA for OpenPGP use
> and thus it does not make a difference.
Actually, my concern has to do with the fact that OIDs are of arbitrary
length. X.509 got it wrong; we might too.
> > How was PGP 7.5 handling this? Just one specified curve, or?
>
> I don't know about PGP 7.5.
I've got some 7.5 ECC keys I could look at, though I suspect it was just
one curve. Jon or Hal could answer this better than I, though.
> The practical problem with DSA 2048 is that you create a key, ask people
> to sign it and the majority of people are not able to sign it because
> their software can't handle that. We do not have a way to specify
> preferences for algorithm lengths (that would in theory only be possible
> for subkeys).
I agree that's a problem, but isn't the solution "upgrade the client that
can't handle the larger keys?"
--Len.