Diffs for next draft
Jon Callas <jon@callas.org> Wed, 22 August 2001 23:17 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA26083 for <openpgp-archive@odin.ietf.org>; Wed, 22 Aug 2001 19:17:23 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f7MN2L828657 for ietf-openpgp-bks; Wed, 22 Aug 2001 16:02:21 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f7MN2JN28653 for <ietf-openpgp@imc.org>; Wed, 22 Aug 2001 16:02:19 -0700 (PDT)
Received: from [63.73.97.181] (64.69.113.115) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3) for <ietf-openpgp@imc.org>; Wed, 22 Aug 2001 16:02:17 -0700
Mime-Version: 1.0
X-Sender: jon@merrymeet.com
Message-Id: <p0510033eb7a9e75acb61@[63.73.97.181]>
Date: Wed, 22 Aug 2001 15:52:12 -0700
To: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Diffs for next draft
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Here's everything I have. If there's something you want me to do and I've been obtuse, let me know again, and it'll get in. I'm planning on submitting the draft in about 24 hours. I can always do another one when something's omitted, so don't panic. Jon 3,6c3,6 < Category: INTERNET-DRAFT Counterpane Internet Security < draft-ietf-openpgp-rfc2440bis-02.txt < Expires Apr 2001 Lutz Donnerhacke < October 2000 IN-Root-CA Individual Network e.V. --- > Category: INTERNET-DRAFT Wave Systems Corporation > draft-ietf-openpgp-rfc2440bis-03.txt > Expires Feb 2002 Lutz Donnerhacke > August 2001 IN-Root-CA Individual Network e.V. 15c15 < draft-ietf-openpgp-rfc2440bis-02.txt --- > draft-ietf-openpgp-rfc2440bis-03.txt 18c18 < Copyright 2000 by The Internet Society. All Rights Reserved. --- > Copyright 2001 by The Internet Society. All Rights Reserved. 400,401c400,401 < 15 -- Symmetrically Encrypted and Integrity Protected Data Packet < 16 -- Modification Detection Code Packet --- > 18 -- Symmetrically Encrypted and Integrity Protected Data Packet > 19 -- Modification Detection Code Packet 530a531,540 > Algorithm Specific Fields for ElGamal signatures: > .block on - > MPI of ElGamal value a = g**k mod p. > MPI of ElGamal value b = (h-a*x)/k mod p-1. > .block off > > The hash h is PKCS-1 padded exactly the same way as for the above > described RSA signatures. > > 537a548,550 > SHA256: 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 > SHA384: 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 > SHA512: 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 545a559,561 > SHA256: 2.16.840.1.101.3.4.2.1 > SHA384: 2.16.840.1.101.3.4.2.2 > SHA512: 2.16.840.1.101.3.4.2.3 567a584,598 > .block blank > SHA256: 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, > 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, > 0x00, 0x04, 0x20 > > .block blank > SHA384: 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, > 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, > 0x00, 0x04, 0x30 > > .block blank > SHA512: 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, > 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, > 0x00, 0x04, 0x40 > 765a797,799 > Since the user name space is in the form of an email address, >implementors MAY wish to arrange for that address to reach a person who >can be consulted about the use of the named tag. Note that due to UTF-8 >encoding, not all valid user space name tags are valid email addresses. > > 852c886 < 1 - Modification Detection (packets 15 and 16) --- > 1 - Modification Detection (packets 18 and 19) 863c897 < When a signature is made over a key, the hash data starts with the octet 0x99, followed by a two-octet length of the key, and then body of the key packet. (Note that this is an old-style packet header for a key packet with two-octet length.) A subkey signature (type 0x18) then hashes the subkey, using the same format as the main key. Key revocation signatures (types 0x20 and 0x28) hash only the key being revoked. --- > When a signature is made over a key, the hash data starts with the octet >0x99, followed by a two-octet length of the key, and then body of the key >packet. (Note that this is an old-style packet header for a key packet >with two-octet length.) A subkey signature (type 0x18) then hashes the >subkey, using the same format as the main key (also using 0x99 as the >first octet). Key revocation signatures (types 0x20 and 0x28) hash only >the key being revoked. 1071c1105,1106 < Two-octet checksum of the plaintext of the algorithm-specific portion (sum of all octets, mod 65536). --- > Two-octet checksum of the plaintext of the algorithm-specific portion >(sum of all octets, mod 65536). This checksum is encrypted together with >the algorithm- specific fields. > 1172c1207 < .head 2 Sym. Encrypted Integrity Protected Data Packet (Tag 15) --- > .head 2 Sym. Encrypted Integrity Protected Data Packet (Tag 18) 1204c1239 < .head 2 Modification Detection Code Packet (Tag 16) --- > .head 2 Modification Detection Code Packet (Tag 19) 1523c1558 < Implementations MUST implement Triple-DES. Implementations SHOULD implement IDEA and CAST5.Implementations MAY implement any other algorithm. --- > Implementations MUST implement Triple-DES. Implementations SHOULD >implement AES-128 and CAST5. Implementations that interoperate with PGP >2.6 or earlier need to support IDEA, as that is the only symmetric cipher >those versions use. Implementations MAY implement any other algorithm. 1545c1580 < 4 - Reserved for double-width SHA (experimental) --- > 4 - Reserved for double-width SHA (experimental, obviated) 1548a1584,1586 > 8 - SHA256 "SHA256" > 9 - SHA384 "SHA384" > 10 - SHA512 "SHA512" 1754c1792 < If an Elgamal key is to be used for both signing and encryption, extra care must be taken in creating the key. --- > If an Elgamal key [ELGAMAL] is to be used for both signing and >encryption, extra care must be taken in creating the key. 1756c1794 < An ElGamal key consists of a generator g, a prime modulus p, a secret exponent x, and a public value y = g^x mod p. --- > An Elgamal key consists of a generator g, a prime modulus p, a secret >exponent x, and a public value y = g^x mod p. 1764c1802 < Details on safe use of Elgamal signatures may be found in [MENEZES], which discusses all the weaknesses described above. --- > Details on safe use of Elgamal signatures may be found in [MENEZES], >which discusses all the weaknesses described above. Please note that >Elgamal signatures are controversial; because of the care that must be >taken with Elgamal keys, many implementations forego them. 1915,1917c1953,1955 < Counterpane Internet Security, Inc. < 3031 Tisch Way, suite 100 East Plaza < San Jose, CA 95128, USA --- > Wave Systems Corp. > 1601 S. DeAnza Blvd, Suite 200 > Cupertino, CA 95014, USA 1920,1921c1958,1959 < Email: jon@callas.org, jon@counterpane.com < Tel: +1 (408) 556-2445 --- > Email: jon@callas.org, jcallas@wavesys.com > Tel: +1 (408) 448-6801 2059c2097 < Copyright 2000 by The Internet Society. All Rights Reserved. --- > Copyright 2001 by The Internet Society. All Rights Reserved.
- Diffs for next draft Jon Callas
- Re: Diffs for next draft Werner Koch
- Re: Diffs for next draft Jon Callas
- Re: Diffs for next draft Edwin Woudt
- Re: Diffs for next draft Jon Callas
- Encoding of "features" subpacket Michael Young
- Re: Diffs for next draft Michael Young
- Re: Encoding of "features" subpacket Jon Callas
- Re: Diffs for next draft David Shaw
- Re: Diffs for next draft David Shaw
- Re: Diffs for next draft Jon Callas
- Klima/Rosa attack (was: Re: Diffs for next draft) Edwin Woudt
- Encoding "secret key is hashed" Michael Young
- Re: Klima/Rosa attack (was: Re: Diffs for next dr… Ingo Luetkebohle
- Re: Encoding "secret key is hashed" Edwin Woudt
- Re: Encoding "secret key is hashed" Werner Koch
- Re: Encoding "secret key is hashed" Michael Young
- Re: Encoding "secret key is hashed" Michael Young
- Re: Encoding "secret key is hashed" Ingo Luetkebohle
- Re: Encoding "secret key is hashed" Werner Koch
- Re: Encoding "secret key is hashed" Michael Young
- Re: Diffs for next draft Jon Callas
- Re: Diffs for next draft David Shaw
- Re: Diffs for next draft Werner Koch
- How to update a self-signature? Michael Young
- Re: How to update a self-signature? David Shaw
- Re: Diffs for next draft Florian Weimer
- Re: How to update a self-signature? Werner Koch
- Re: How to update a self-signature? Derek Atkins
- Re: How to update a self-signature? Florian Weimer
- Re: How to update a self-signature? David Shaw
- Re: How to update a self-signature? David Shaw
- Re: How to update a self-signature? Derek Atkins
- Re: How to update a self-signature? Werner Koch
- Re: How to update a self-signature? David Shaw
- Re: How to update a self-signature? Werner Koch
- Keyserver thoughts (was Re: How to update a self-… David Shaw
- Certification revocation -- identifying the revok… Michael Young
- Re: Certification revocation -- identifying the r… Thomas Roessler