IETF Logo Mail Archive

Re: Mandatory Algorithm Changes?

Ben Laurie <ben@algroup.co.uk> Mon, 21 February 2005 09:50 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA05117 for <openpgp-archive@lists.ietf.org>; Mon, 21 Feb 2005 04:50:30 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j1L9Ncbm031126; Mon, 21 Feb 2005 01:23:38 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j1L9NcmM031124; Mon, 21 Feb 2005 01:23:38 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j1L9NacK031022 for <ietf-openpgp@imc.org>; Mon, 21 Feb 2005 01:23:37 -0800 (PST) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 9187533CBB; Mon, 21 Feb 2005 09:23:23 +0000 (GMT)
Message-ID: <4219A890.3000603@algroup.co.uk>
Date: Mon, 21 Feb 2005 09:23:28 +0000
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Mandatory Algorithm Changes?
References: <20050208194442.F2C6A57E2A@finney.org> <42092EC2.9040501@systemics.com> <87zmyeyyg9.fsf@wheatstone.g10code.de> <420A012A.5020204@systemics.com> <39c100e92dbc54b9fcb678d904676384@callas.org>
In-Reply-To: <39c100e92dbc54b9fcb678d904676384@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Jon Callas wrote:
> 
> Mandatory-to-implement does not mean mandatory-to-use.
> 
> If we change 3DES to AES, things don't instantly stop working. If we do 
> that, 3DES would be a SHOULD, of course, and there will be a note that 
> says that if you don't implement 3DES there could be interoperability 
> issues.
> 
> I don't think that any reasonable implementor is going to run right out 
> and code stupidly. It will obviously take a couple of years before 
> someone can safely assume, for example, that the 
> algorithm-of-last-resort would be AES.
> 
> However, if we ever want to roll 3DES over to AES, we have to start 
> sometime. The couple of years of bake-in doesn't start until a change is 
> made. Why not now?
> 
> I'm willing to concede the point on SHA-256, I wouldn't have brought it 
> up at all if NIST hadn't said a couple days ago they're phasing out 
> SHA-1 and rolling to SHA-256.

Oops. What I said was that this seems like a candidate for having flags 
in the PGP certificates that say what is supported by the receiving 
application(s).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email