IETF Logo Mail Archive

Re: V3 secret keys

nagydani@epointsystem.org (Daniel A. Nagy) Tue, 07 February 2006 00:37 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6Gr0-0005z1-0i for openpgp-archive@megatron.ietf.org; Mon, 06 Feb 2006 19:37:13 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA28875 for <openpgp-archive@lists.ietf.org>; Mon, 6 Feb 2006 19:35:10 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k170RXvd033282; Mon, 6 Feb 2006 16:27:33 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k170RX31033281; Mon, 6 Feb 2006 16:27:33 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k170RW5N033275 for <ietf-openpgp@imc.org>; Mon, 6 Feb 2006 16:27:32 -0800 (PST) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 386D22B403D; Tue, 7 Feb 2006 01:27:31 +0100 (CET)
Date: Tue, 07 Feb 2006 01:27:31 +0100
To: vedaal@hush.com
Cc: ietf-openpgp@imc.org
Subject: Re: V3 secret keys
Message-ID: <20060207002731.GA18523@epointsystem.org>
References: <200602070000.k1700i0S081542@mailserver3.hushmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <200602070000.k1700i0S081542@mailserver3.hushmail.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Feb 06, 2006 at 07:00:41PM -0500, vedaal@hush.com wrote:
> 
> On Mon, 06 Feb 2006 17:38:01 -0500 Hal Finney <hal@finney.org> 
> wrote:
> 
> >Note that V3 keys only support ciphers with a block size of 8 
> >bytes, so
> >I think it is OK to explicitly say "8 octets" here.
> 
> are v4 keys different in this respect ?
> 
> (i.e., is there any cipher currently within the open pgp standard 
> that v4 keys support that v3 keys could not?

The difference is that in the case of v4 keys, the secret part is encrypted
like a regular byte stream, with no regard to the contents. In the case of
V3, there were resynchronization steps introduced between the MPIs.

I sincerely hope that this whole mess will be cleaned up with V5, where
there seems to be a consensus not to implement encrypted private key packets
at all, but put unencrypted private key packets into integrity protected
symmetrically encrypted packets instead.

Personally, I would suggest removing encrypted packet formats from the
standard altogether; there is no reason to stay interoperable with those. If
one wants to export old keys, they should remove the encryption first. New
implementations should enclose unencrypted private keys (of eiter version)
in symmetrically encrypted packets with MDC.

-- 
Daniel

v2.23.0 | Report a Bug | By Email