IETF Logo Mail Archive

Re: Mandatory Algorithm Changes?

Werner Koch <wk@gnupg.org> Tue, 08 February 2005 18:53 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA04359 for <openpgp-archive@lists.ietf.org>; Tue, 8 Feb 2005 13:53:51 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j18IdxtW027921; Tue, 8 Feb 2005 10:39:59 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j18IdxCf027920; Tue, 8 Feb 2005 10:39:59 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j18IdwXf027888 for <ietf-openpgp@imc.org>; Tue, 8 Feb 2005 10:39:58 -0800 (PST) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.34 #1 (Debian)) id 1CyZbD-0003de-2S for <ietf-openpgp@imc.org>; Tue, 08 Feb 2005 18:56:31 +0100
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1CyaHK-0001tW-1a; Tue, 08 Feb 2005 19:40:02 +0100
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Mandatory Algorithm Changes?
References: <0e2405990b7f7b186cd70e8603889d04@callas.org>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Tue, 08 Feb 2005 19:40:02 +0100
In-Reply-To: <0e2405990b7f7b186cd70e8603889d04@callas.org> (Jon Callas's message of "Tue, 8 Feb 2005 09:42:20 -0800")
Message-ID: <87sm4628vx.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, 8 Feb 2005 09:42:20 -0800, Jon Callas said:


> Does anyone object to changing the MUST cipher to AES (I'd pick 128)
> and MUST hash to SHA-256?

Breaks interoperability with existing OpenPGP applications.  I am not
aware of any new security problems with 3DES which would justify such
a step.  Adding AES-128 as another MUST algorithm would be fine with
me but this breaks interoperability too.

SHA-256 is even worser.  In addition to the interop problems,
applications using OpenPGP tools need to be changed to make use of the
longer digest.  Dropping MD5 is really a good idea, but I doubt that
SHA-256 has been analyzed as much as the older algorithms.  Given that
there are now doubts on the general design principle of all common
hash algorithms, I think it is a bit to early to make it a MUST.

I guess that there are other things in OpenPGP that are more
vulnerable to attacks than SHA-1.  Better do a new RFC now and then
start thinking about all the open issues.


Shalom-Salam,

   Werner

v2.23.0 | Report a Bug | By Email