[Sam Hartman] Openpgp comments
Derek Atkins <derek@ihtfp.com> Mon, 18 September 2006 15:32 UTC
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: [Sam Hartman] Openpgp comments
Date: Mon, 18 Sep 2006 11:02:44 -0400

Forwarded with permission.

It looks like we still have some work to do on rfc2440bis. Do we need a meeting in San Diego? If so, I need to request it today.

-derek

--- Begin Message ---

Hi. I'm sorry it has taken so long but I needed to spin up to speed on openpgp standards, read the old 2440, read the new doc, understand some of the political history and then talk to Russ.

I'm basically done with the new doc. I want to work through the description of PGP CFB mode, but that's all I have left.

However Russ and I have two large issues that we need fixed before I can bring the document to the IESG.

The first is the lack of IANA registries. I understand this is left over from 2440. Back then, the IESG was much more willing to approve documents without IANA registries. Even in recent times the IESG has done this--for example, RFC 4120 doesn't have IANA registries created. It's actually my negative experience with RFC 4120 as well as changes in IESG membership that cause me to be quite certain that PGP needs IANA registries for all its parameters. This is doubly true if we're closing down the working group.

You can use standards action as the registration policy if you are concerned about interactions with the rest of the spec. Take a look at RFC 2434. The one caution I'd suggest is that if you use the IESG approval registration policy, please give the IESG clear guidelines on what we should look for. "Evaluate using the same criteria as standards actions" is a fine criteria as is something like "avoid security and interoperability problems."

The second issue is the encryption with integrity packet. Today this is hard-wired to use SHA-1. That's not OK. We need an upgrade path for that and I think we need to support SHA-256 now.

I realize both of these issues are large. I'd be happy to get together with you and the authors on a conference call if that would be useful.

--- End Message ---

--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant