Re: ASN.1 OID for TIGER/192

David Shaw <dshaw@jabberwocky.com> Mon, 30 September 2002 17:07 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12848 for <openpgp-archive@lists.ietf.org>; Mon, 30 Sep 2002 13:07:33 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8UGtMF29063 for ietf-openpgp-bks; Mon, 30 Sep 2002 09:55:22 -0700 (PDT)
Received: from claude.kendall.corp.akamai.com (fw01.cmbrmaks.akamai.com [80.67.64.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8UGtLv29056 for <ietf-openpgp@imc.org>; Mon, 30 Sep 2002 09:55:21 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.corp.akamai.com (8.11.6/8.11.6) id g8UGtHG04008 for ietf-openpgp@imc.org; Mon, 30 Sep 2002 12:55:17 -0400
Date: Mon, 30 Sep 2002 12:55:17 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: ASN.1 OID for TIGER/192
Message-ID: <20020930165517.GE1682@akamai.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20020927125550.GA14033@akamai.com> <20020927155054.GB17939@stonewall>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020927155054.GB17939@stonewall>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
User-Agent: Mutt/1.5.1i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, Sep 27, 2002 at 03:50:54PM +0000, Brian M. Carlson wrote:

> I think it would be the height of silliness to have an algorithm in
> the standard and prohibit its use. In fact, it is like revoking your
> signature on someone's key: it is a vote of no confidence, a statement
> that it is worthless. 

Of course, but OpenPGP is sensitive to the strengths of all of its
hash algorithms (as noted in the "Security Considerations" section).
If TIGER was put into the standard with less care because it couldn't
be used anyway without an OID, then now is an appropriate time to
decide whether it should be in the standard or not.  Mind you, I don't
know the history here - there could have been significant care taken.

I'm not for or against using TIGER in OpenPGP, but my feeling is that
if we are going to include TIGER, then we should do it intentionally,
with all due care taken.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson