Re: OpenPGP question

Sam Hartman <hartmans-ietf@mit.edu> Tue, 17 October 2006 19:18 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GZuSm-0004jE-JF for openpgp-archive@lists.ietf.org; Tue, 17 Oct 2006 15:18:56 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GZuJF-0006ox-2U for openpgp-archive@lists.ietf.org; Tue, 17 Oct 2006 15:09:09 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9HIf6nX029573; Tue, 17 Oct 2006 11:41:06 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k9HIf61l029572; Tue, 17 Oct 2006 11:41:06 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from carter-zimmerman.mit.edu (carter-zimmerman.dyn.mit.edu [18.188.3.148]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9HIf1Rb029560 for <ietf-openpgp@imc.org>; Tue, 17 Oct 2006 11:41:01 -0700 (MST) (envelope-from hartmans@mit.edu)
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id B9412E01E6; Tue, 17 Oct 2006 14:40:52 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: David Shaw <dshaw@jabberwocky.com>
Cc: housley@vigilsec.com, jon@callas.org, hal@finney.org, derek@ihtfp.com, ietf-openpgp@imc.org
Subject: Re: OpenPGP question
References: <20060921010939.GA3993@jabberwocky.com>
Date: Tue, 17 Oct 2006 14:40:52 -0400
In-Reply-To: <20060921010939.GA3993@jabberwocky.com> (David Shaw's message of "Wed, 20 Sep 2006 21:09:39 -0400")
Message-ID: <tsl7iyyrdjf.fsf@cz.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464



Hi.


I'm sorry it has taken me so long to get back to this.  I wanted to
make sure I thoroughly understood the MDC in 2440bis and also wanted
to talk with Russ and other security experts.

I've convinced myself that the MDC's use of sha-1 is probably OK.
However algorithm agility is an absolute requirement.  The document
needs to clearly articulate a strategy for upgrading the algorithm
used by the MDC and to explain how clients can detect support for this
algorithm if asymmetric keys are involved.  I was going to ask for the
ability to include multiple MDC packets to support phased upgrades,
but Russ convinced me that this is not necessary.


Also, I would like to ask you to submit the section of your document
describing the MDC to the CFRG for their review.  I suspect they are
not going to like it much, but we need to give them a chance to find
any huge show stoppers.

So, I'm asking for the following specific actions:

1) Document your algorithm upgrade strategy.

2) Ask for a CFRG review 

--Sam