Re: [openpgp] Intent to deprecate: Insecure primitives

Stephen Paul Weber <singpolyma@singpolyma.net> Mon, 16 March 2015 21:15 UTC

Date: Mon, 16 Mar 2015 16:15:18 -0500
From: Stephen Paul Weber <singpolyma@singpolyma.net>
To: David Leon Gil <coruus@gmail.com>
Message-ID: <20150316211518.GL2944@singpolyma-liberty>
References: <CAA7UWsWBoXpZ2q=Lv151R593v3u=SPNif39ySX_-8=fqMniiVg@mail.gmail.com> <87sid5si30.fsf@alice.fifthhorseman.net> <20150316144934.GC2944@singpolyma-liberty> <E3F86C55-7A91-4EB8-9802-42A72FDA46D7@callas.org> <CAA7UWsWYz+BRWsv-GJutpX3zSz-8G7oWEBgPG54WEowHBw5=qQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="M/SuVGWktc5uNpra"
Content-Disposition: inline
In-Reply-To: <CAA7UWsWYz+BRWsv-GJutpX3zSz-8G7oWEBgPG54WEowHBw5=qQ@mail.gmail.com>
Jabber-ID: singpolyma@singpolyma.net
OpenPGP: id=CE519CDE; url=https://singpolyma.net/public.asc
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/YL4DNbU942Uq7AKERRWr9jJoxcs>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives
Precedence: list

>My impression was that many new implementations use the RSA-S and RSA-E

The opposite is true.  RSA-S and RSA-E are from old implementations.  These 
days there are more robust ways to specify what a key is for.

>I generally prefer domain separation, but I don't think there's a relevant
>security difference *so long as* implementations do not generate a single
>RSA key such that its key usage intersects only one of {certify, sign,
>authenticate} or {encrypt communications, encrypt bulk}.

For sure, but this seperation is done in metadata, not in the algorithm 
identifier.

-- 
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph

Attachment: signature.asc

Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
Re: [openpgp] Intent to deprecate: Insecure primi… Wyllys Ingersoll
Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Farrell
Re: [openpgp] Intent to deprecate: Insecure primi… Kristian Fiskerstrand
Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
Re: [openpgp] Intent to deprecate: Insecure primi… vedaal
Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
[openpgp] Intent to deprecate: Insecure primitives David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… Ryan Carboni
Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
Re: [openpgp] Intent to deprecate: Insecure primi… Peter Gutmann
Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
Re: [openpgp] Intent to deprecate: Insecure primi… Phillip Hallam-Baker
Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
Re: [openpgp] Intent to deprecate: Insecure primi… Andrew Skretvedt
Re: [openpgp] Intent to deprecate: Insecure primi… ianG
Re: [openpgp] Intent to deprecate: Insecure primi… ianG
Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
Re: [openpgp] Intent to deprecate: Insecure primi… ianG
Re: [openpgp] Intent to deprecate: Insecure primi… Ben McGinnes
Re: [openpgp] Intent to deprecate: Insecure primi… Tom Ritter
[openpgp] Intent to deprecate: Insecure primitives David Leon Gil

Re: [openpgp] Intent to deprecate: Insecure primitives

Attachment: signature.asc