Re: [openpgp] Regulation of algo deprecation

Werner Koch <wk@gnupg.org> Wed, 04 November 2015 08:31 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B657E1A0180 for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 00:31:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UOiK2XdpMrLD for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 00:31:28 -0800 (PST)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3D181A019B for <openpgp@ietf.org>; Wed, 4 Nov 2015 00:31:20 -0800 (PST)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1ZttTT-0008Sz-4Q for <openpgp@ietf.org>; Wed, 04 Nov 2015 09:31:19 +0100
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1ZttNa-0008Ka-Lw; Wed, 04 Nov 2015 09:25:14 +0100
From: Werner Koch <wk@gnupg.org>
To: Aaron Zauner <azet@azet.org>
References: <563931B6.9050107@googlemail.com> <56394A8A.5070904@azet.org>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Aaron Zauner <azet@azet.org>, Nils Durner <ndurner@googlemail.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Wed, 04 Nov 2015 09:25:14 +0100
In-Reply-To: <56394A8A.5070904@azet.org> (Aaron Zauner's message of "Wed, 04 Nov 2015 01:00:10 +0100")
Message-ID: <877flyuq6t.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Ys_VSySFD7gjBkpezuFRglD5JQI>
Cc: Nils Durner <ndurner@googlemail.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] Regulation of algo deprecation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2015 08:31:29 -0000

On Wed,  4 Nov 2015 01:00, azet@azet.org said:

> So my impression is that GnuPG / OpenPGP current support far to many
> possible algorithm choices. We should really limit that. For novice

Right.  FWIW, I had a meeting in 2000 with PRZ and Jon Callas at the AES
conference in Rome where Phil begged us to limit the number of supported
algorithms.  Nevertheless we added Twofish (which was a high ranked AES
candidate then) anyway due to the need for 128 bit block cipher and
later we added Camellia for political reasons.

> CFRG recently recommended Curve25519 (or whatever nomenclature is
> currently en vouge), so why bother with Brainpool at all?

I took Brainpool merely as an example.  These curves are not defined by
an RFC but implementations may add them using an OID. Well, this OID
thing is somewhat questionable but then we also do not specify an upper
limit for RSA key sizes or require the support for certain key sizes.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.