Re: [Sam Hartman] Openpgp comments
Ian G <iang@systemics.com> Tue, 19 September 2006 19:37 UTC
David Shaw wrote:
> On Tue, Sep 19, 2006 at 03:33:30PM +0200, Werner Koch wrote:
>
>> The more interesting question is what we are going to do about the
>> SHA-1 requirement for a fingerprint and things like designated
>> revokers - this is a more troublesome use of SHA-1. Oh, sorry, I was
>> just thinking loudly.
>
> This is exactly my point. If we reopen the SHA-1 issue for the MDC,
> what stops someone from wanting a change in fingerprints or the secret
> key protection format, or the "hash of last resort" or any of the
> other hardcoded uses of SHA-1 in the standard?

Yes. But at the end of the day, regardless of whether we leave the doc as it is, or fix the MDC, or fix the above things, I'd suggest that the difference is the same: minimal.

That is, a far better result is getting the doc finished and out the door ... partly because this appears to be a "herding" change of no great security impact, and partly so we can start on an updated / rewired / rewritten / reviewed doc.

To my mind, then, it comes down to an optimisation problem in determining how to get the doc out the door. Security, common sense, and all that are out the window.

> The request to remove SHA-1 from the MDC seems to be just a
> misunderstanding. It's worth an email to try and resolve the
> misunderstanding before we get into design, much less code, changes.

If you are confident of that, perhaps have a shot at drafting that email? As "plan B." This might leave Jon free to concentrate on the "plan A" approach of adding MDC-v2,3.

(Just a thought ... I'm not clear enough on the minutia to be confident enough to draft the email, myself.)

> A simple email to resolve a misunderstanding seems like the easiest
> "fix" here. If that doesn't work, or it turns out not to be a
> misunderstanding, then we can go on and do the design changes, no harm
> done.

Perhaps the phone conference as suggested? I can see how that might get a result more quickly, as it allows misunderstandings to be cleared up more easily than an email cycle.

Just throwing ideas around, here. Feel free to ignore.

iang