Re: [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC 6637)
Werner Koch <wk@gnupg.org> Sat, 20 July 2013 08:24 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA35B11E80CC for <openpgp@ietfa.amsl.com>; Sat, 20 Jul 2013 01:24:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.949
X-Spam-Level:
X-Spam-Status: No, score=-9.949 tagged_above=-999 required=5 tests=[AWL=-0.550, BAYES_00=-2.599, J_CHICKENPOX_47=0.6, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vn7aMtS+Lwy7 for <openpgp@ietfa.amsl.com>; Sat, 20 Jul 2013 01:24:54 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id DC98811E8135 for <openpgp@ietf.org>; Sat, 20 Jul 2013 01:24:53 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1V0ST2-0000h1-KD for <openpgp@ietf.org>; Sat, 20 Jul 2013 10:24:40 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.80 #3 (Debian)) id 1V0SOY-0003iQ-HM; Sat, 20 Jul 2013 10:20:02 +0200
From: Werner Koch <wk@gnupg.org>
To: Andrey Jivsov <openpgp@brainhub.org>
References: <51E84A3C.8060800@brainhub.org> <87a9lid8yq.fsf@vigenere.g10code.de> <51E9A029.6000303@brainhub.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367; url=finger:wk@g10code.com
Date: Sat, 20 Jul 2013 10:20:02 +0200
In-Reply-To: <51E9A029.6000303@brainhub.org> (Andrey Jivsov's message of "Fri, 19 Jul 2013 13:23:05 -0700")
Message-ID: <87zjthabil.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: openpgp@ietf.org
Subject: Re: [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC 6637)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jul 2013 08:24:59 -0000
On Fri, 19 Jul 2013 22:23, openpgp@brainhub.org said: > The simplification is generic. Now that we would have 3 IDs for ECC, > it is more efficient to check 18 <= x <= 20 then for 3 arbitrary Compared to the cyrpto operations any efficieny here is a joke. > Do we know of at least one case when 20 is used in deployed > applications? This will be enough to require 22 for ECDSA+ECDH. GnuPG supported this from 1998 to 1.3.5 (2004-02-26). I have hundreds of those signatures in my keyrings despite that there is no more support in GnuPG. Recycling this identifier would be a Bad Thing™. Internal PGP versions used a couple of the lower numbered IDs and they have not been recycled, either. > Let me answer why do I think that ECDSA+ECDH ID is a useful feature. I agree that it is useful; I only remarked that the X.509 based rationale is a bit weak. > right now. Assuming that most OpenPGP keys are RSA keys, they use > sign+encrypt ID 1 and then use the appropriate key usage flags. Or 2 or 3. They still pop once once in a while. > The compact ECC point representation plus ECDSA+ECDH ID in a single > document is one way to do this. >From my understanding of the IETF procedures this will indeed be the case. > I was wondering, however, that given that ECDSA+ECDH ID is such an > easy change that fits in a few sentences, it feels like an errata to > the RFC 6637. All it needs to say is that "use ID 2x for ECDSA+ECDH" > and then define that ID in another sentence. Maybe, but recall rfc4880 states: initial values for this registry can be found in Section 9. Adding a new public-key algorithm MUST be done through the IETF CONSENSUS method, as described in [RFC2434]. That is for an algorithm but not the id, though. Please use whatever is the easiest way for you. I would appreciate if we could informally agree on an identifier right now so that I can put it into the next GnuPG 1.4 release which is due in a few days. This would avoid a '?' as algorithm in a key listing. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC… Andrey Jivsov
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Daniel Kahn Gillmor
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Werner Koch
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Andrey Jivsov
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Paul Wouters
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Werner Koch
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Andrey Jivsov
- Re: [openpgp] PKI (RFC 5480) mapping to ECC keys … Werner Koch