Re: Suggested changes for DSA2

David Shaw <dshaw@jabberwocky.com> Sun, 26 March 2006 22:19 UTC

Date: Sun, 26 Mar 2006 16:55:31 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Suggested changes for DSA2
Message-ID: <20060326215531.GF30637@jabberwocky.com>
Mail-Followup-To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
References: <20060326180218.12C8057FAE@finney.org>
In-Reply-To: <20060326180218.12C8057FAE@finney.org>

On Sun, Mar 26, 2006 at 10:02:18AM -0800, "Hal Finney" wrote:

> It's always a tricky question, how much we should try to enforce
> security standards in a data-format document.  We do put minimum length
> restrictions on the moduli to try to protect users against making one
> kind of mistake, using a too-short key.  In the same way, I don't think
> we should allow them to use a 160-bit q for a 3072-bit p.  This is the
> spirit behind my suggestion to just allow the NIST sizes.

I think we more or less agree on this.  My only sticking point is the
idea of allowing people to do something other than the NIST sizes.
How about we make the NIST sizes a SHOULD (like the minimum length
restrictions are SHOULD NOTs), and add a sentence after that to read
something like "Caution should be taken when deviating from the above
parameters which were carefully chosen to balance the strength of the
hash with the strength of the key." ?

That would seem to be the best of all worlds: we strongly advise
people to use the NIST sizes, tell them why we want them to use the
NIST sizes, but don't lock them down.

David
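
The SHOULD-plus-caution approach discussed in this message, sketched as an added example (not part of the original mail or of any OpenPGP implementation): a checker that warns about DSA parameter sets instead of rejecting them. The function names are hypothetical; the size pairs are taken from FIPS 186-3 and the strength steps from NIST SP 800-57, neither of which is listed in the thread.

```python
# Added example: advisory (SHOULD-level) check of DSA parameter sizes.
# Assumption: (p, q) pairs are the FIPS 186-3 sizes; strength steps follow SP 800-57.
NIST_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}
P_STRENGTH = ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80))


def modulus_strength(p_bits):
    """Approximate symmetric-equivalent strength of a p_bits-bit modulus p."""
    for bits, strength in P_STRENGTH:
        if p_bits >= bits:
            return strength
    return 0  # below 1024 bits: no credited strength in this table


def check_dsa(p_bits, q_bits, hash_bits):
    """Return (effective_strength_bits, warnings); warns but never rejects."""
    s_p = modulus_strength(p_bits)
    s_q = q_bits // 2                  # generic attacks on the q-order subgroup
    s_h = min(hash_bits, q_bits) // 2  # collision resistance of the digest bits DSA uses
    warnings = []
    if (p_bits, q_bits) not in NIST_PAIRS:
        warnings.append(f"p={p_bits}/q={q_bits} is not a NIST size pair")
    if s_q < s_p:
        warnings.append(f"q limits the key to ~{s_q} bits although p offers ~{s_p}")
    if hash_bits < q_bits:
        warnings.append(f"{hash_bits}-bit hash is weaker than the {q_bits}-bit q")
    return min(s_p, s_q, s_h), warnings


if __name__ == "__main__":
    # Constructed sample parameter sets: (p bits, q bits, hash bits).
    for params in [(2048, 224, 224), (3072, 160, 160), (3072, 256, 160)]:
        strength, notes = check_dsa(*params)
        print(params, f"~{strength}-bit", notes or "ok")
```
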