Re: [openpgp] Summary of WG status

Vincent Breitmoser <look@my.amazin.horse> Fri, 18 August 2017 16:53 UTC

Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC45B132A13 for <openpgp@ietfa.amsl.com>; Fri, 18 Aug 2017 09:53:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jKN1NvnI4Hsv for <openpgp@ietfa.amsl.com>; Fri, 18 Aug 2017 09:53:21 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65AA013219F for <openpgp@ietf.org>; Fri, 18 Aug 2017 09:53:15 -0700 (PDT)
Received: from localhost (p5B11C1A9.dip0.t-ipconnect.de [91.17.193.169]) by mail.mugenguild.com (Postfix) with ESMTPSA id 9628B5FA7D; Fri, 18 Aug 2017 18:53:13 +0200 (CEST)
Date: Fri, 18 Aug 2017 18:53:11 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
Cc: Stephen Paul Weber <singpolyma@singpolyma.net>, openpgp@ietf.org
Message-ID: <20170818165311.d2x344yp5x5ys553@calamity>
References: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net> <20170810014751.erufvruh2lm5cdpe@genre.crustytoothpaste.net> <1b68dbbb-38ac-6370-fe20-76be795b2634@sixdemonbag.org> <20170811202924.yiwzjom3tag3ivkk@genre.crustytoothpaste.net> <a2f2973f-2b34-5e07-2651-a1910d992c6a@sixdemonbag.org> <sjmefsef9b6.fsf@securerf.ihtfp.org> <3bff215c-4de7-3994-8f78-5a06caa3fbfe@sixdemonbag.org> <20170815131326.wa5guttvgsp2la5g@calamity> <20170815164507.6111315.47595.68549@singpolyma.net> <8e062827-631e-24b0-3d19-40496c13f29c@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8e062827-631e-24b0-3d19-40496c13f29c@sixdemonbag.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/4Hb5GtNtS6ttgyjlhY8lMyCwOP8>
Subject: Re: [openpgp] Summary of WG status
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 16:53:25 -0000

Robert J. Hansen(rjh@sixdemonbag.org)@Tue, Aug 15, 2017 at 01:10:31PM -0400:
> > Wouldn't anything else require truncation, and thus not give us the
> > extra safety we're looking for?

No. The bit size has nothing to do with why we want to replace SHA1.

> We have a proposal on the table.  Let's keep the WG discussion focused
> on yes or no to the proposal.  Let's not get sidetracked with other
> discussions.

I would agree if this was some "other discussion". But we shouldn't
dismiss a discussion about precisely the proposal on the table. It's not
a very old proposal, and we shouldn't be comfortable going through with
a decision if we can't answer basic questions about why we went with a
particular approach.

>From discussions so far I seem to be alone in my doubts that increasing
the bitsize of the fingerprint even further is a bad idea. Still, I'm
gonna submit a nay to the record here.

 - V