Re: Suggested changes for DSA2

Jon Callas <jon@callas.org> Mon, 27 March 2006 21:49 UTC

From: Jon Callas <jon@callas.org>
Subject: Re: Suggested changes for DSA2
Date: Mon, 27 Mar 2006 13:25:38 -0800

On 27 Mar 2006, at 7:44 AM, Daniel A. Nagy wrote:

> I agree with David here. The standard's purpose is to ensure
> interoperability. It should tell us the semantics behind sequences of bytes.
> It is up to the implementation to make decisions based on these semantics.
> Valid reasons to exclude certain combinations from the standard include
> ambiguity of interpretation, inherent insecurity or a wide installed base of
> incompatible implementations, but not the possibility of weird uses, IMHO.

I agree as well with both Davids.

As an observation, in 2440 one of the things we allowed was deviation  
from DSS because the rough consensus had a certain amount of  
grumpiness with the US Government. In practice, hardly anyone did  
anything different with DSA than DSS. We even removed hash functions.

Many things have changed in the last decade, but toeing the exact  
NIST line or even being like them only more so is going a bit too far.
In the next decade, we're going to see a lot of advancement in hash  
functions. Someone is going to want to use those new hash functions  
with DSA, and it would be nice to be able to move faster than NIST.

Let's suppose someone comes up with a new hash function that is 251  
bits. (I picked 251 because it's prime and less than 256.) We don't  
want a constitutional crisis over using it. We want to be flexible  
enough that it's pretty obvious how to extend OpenPGP to use new hash  
functions with DSA.

	Jon