Re: [openpgp] Wording/meaning (draft-06, 5.13.1)
Justus Winter <justus@sequoia-pgp.org> Wed, 20 July 2022 20:08 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC4F2C159488 for <openpgp@ietfa.amsl.com>; Wed, 20 Jul 2022 13:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oZNg1UgcEMJJ for <openpgp@ietfa.amsl.com>; Wed, 20 Jul 2022 13:08:47 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0ED2C157B59 for <openpgp@ietf.org>; Wed, 20 Jul 2022 13:08:46 -0700 (PDT)
Received: (qmail 19237 invoked by uid 500); 20 Jul 2022 20:08:43 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
From: Justus Winter <justus@sequoia-pgp.org>
To: Bruce Walzer <bwalzer@59.ca>
Cc: openpgp@ietf.org
In-Reply-To: <YthdKvV4/q1G09XD@ohm.59.ca>
References: <YtMgfznF78Fb7KJC@ohm.59.ca> <874jzf4iz4.fsf@sequoia-pgp.org> <YthdKvV4/q1G09XD@ohm.59.ca>
Date: Wed, 20 Jul 2022 22:08:34 +0200
Message-ID: <87k0871r99.fsf@sequoia-pgp.org>
MIME-Version: 1.0
Content-Type: text/plain
X-Rspamd-Bar: /
X-Rspamd-Report: BAYES_HAM(-0.008354) MIME_GOOD(-0.1)
X-Rspamd-Score: -0.108354
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/2.8.28) with ESMTPSA; Wed, 20 Jul 2022 22:08:43 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FbdauWmxICovgJ3sSC71xjDlZJk>
Subject: Re: [openpgp] Wording/meaning (draft-06, 5.13.1)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2022 20:08:49 -0000
Bruce Walzer <bwalzer@59.ca> writes: > On Sun, Jul 17, 2022 at 09:50:07PM +0200, Justus Winter wrote: >> Bruce Walzer <bwalzer@59.ca> writes: >> >> > At the end of section 5.13.1, at the end of the "NON-NORMATIVE >> > EXPLANATION" is the following text: >> > >> >>However, no update will be needed because the MDC has been replaced >> >>by the AEAD encryption described in this document. > [...] >> Previously, in RFC4880, the paragraph you quoted read: >> >> However, given the present state of hash function cryptanalysis >> and cryptography, it may be desirable to upgrade the MDC system to >> a new hash function. See Section 13.11 in the "IANA >> Considerations" for guidance. >> >> Does that clear things up? Maybe you can suggest some text to make this >> clearer? > > If the text in question ("However, no update will be needed ...") is > referring to a paragraph that no longer exists in the current > revision, wouldn't it make the most sense to just delete it too? The text refers to the paragraph preceding it in the current text, not to the paragraph in the previous version. To be explicit, the paragraph it refers to reads: Note also that unlike nearly every other OpenPGP subsystem, there are no parameters in the MDC system. It hard-defines SHA-1 as its hash function. This is not an accident. It is an intentional choice to avoid downgrade and cross-grade attacks while making a simple, fast system. (A downgrade attack would be an attack that replaced SHA2-256 with SHA-1, for example. A cross-grade attack would replace SHA-1 with another 160-bit hash, such as RIPEMD-160, for example.) Justus
- [openpgp] Wording/meaning (draft-06, 5.13.1) Bruce Walzer
- Re: [openpgp] Wording/meaning (draft-06, 5.13.1) Justus Winter
- Re: [openpgp] Wording/meaning (draft-06, 5.13.1) Bruce Walzer
- Re: [openpgp] Wording/meaning (draft-06, 5.13.1) Justus Winter
- Re: [openpgp] Wording/meaning (draft-06, 5.13.1) Bruce Walzer
- Re: [openpgp] Wording/meaning (draft-06, 5.13.1) Justus Winter