Re: [openpgp] Catch 22 in ECC support of OpenPGP?
Jon Callas <jon@callas.org> Fri, 31 January 2014 10:04 UTC
Return-Path: <jon@callas.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7925A1A0583 for <openpgp@ietfa.amsl.com>; Fri, 31 Jan 2014 02:04:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tMJBXz_abD8t for <openpgp@ietfa.amsl.com>; Fri, 31 Jan 2014 02:04:34 -0800 (PST)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id AD26F1A0580 for <openpgp@ietf.org>; Fri, 31 Jan 2014 02:04:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id E14BD4C3BACB; Fri, 31 Jan 2014 02:04:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w2YWcyINlo8X; Fri, 31 Jan 2014 02:04:29 -0800 (PST)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id 1918E4C3BAC1; Fri, 31 Jan 2014 02:04:26 -0800 (PST)
Received: from [192.168.10.68] ([192.76.146.51]) by keys.merrymeet.com (PGP Universal service); Fri, 31 Jan 2014 02:04:29 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 31 Jan 2014 02:04:29 -0800
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <87iot0y1su.fsf@vigenere.g10code.de>
Date: Fri, 31 Jan 2014 02:04:24 -0800
Message-Id: <E238B88A-6259-4D1F-A432-AD0D20652392@callas.org>
References: <87iot0y1su.fsf@vigenere.g10code.de>
To: Werner Koch <wk@gnupg.org>
X-Mailer: Apple Mail (2.1827)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Catch 22 in ECC support of OpenPGP?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2014 10:04:36 -0000
> For EdDSA we need a new RFC to have the IANA assign a new algorithm id. > While doing that we should also address two questions: > > 1. Shall we keep the OID field or shall we replace it with either a > curve size parameter or maybe assign a single algorithm identifier > for Ed25519/EdDSA? OIDs are just unique constants. It's quasi-IANA governed. Getting an OID is easy as long as you have a base OID from the IEEE. I've gotten OIDs for a number of organizations, and once you have one, you just put your own off of that. So suppose they give you [1.2.3.4]. All you need to do is make [1.2.3.4.x.y.z...] for your own OIDs for whatever purpose. If you look at <http://www.oid-info.com/faq.htm>, particularly question 10, there are easy ways to get one. There are suggestions that include how to get an OID from IANA, and also how to use a UUID as an OID. > > 2. Does the use of MPIs make sense? Bernstein defines the key as well > as the signature material as octet strings and not as MPIs. As you've noted, in RFC 6637, Andrey codes an EC point into an MPI, which I think is clever, and works fine. Why not just do it? > > A reason to drop the OID field would be smaller key material which may > help with key backup or direct use of the key. However, it complicates > parsing because we would need two methods. I am fine with the OIDs > (after all I suggested them) because for key backup we can use our own > format. Such a format should be URI encoded for use in QR codes anyway. That's a good argument for not using a UUID, because it's going to be over 16 bytes long. But you can go to IANA for an OID, or get your own OID base and then just issue one from there. > > Of course we could informally agree on an algorithm id for EdDSA, as we > always did in the OpenPGP WG. However, a new algorithm id is not > sufficient as long as we do not have answers to the above questions. We > better go in lock-step with the Ladd I-D. Is there anyone with free > time to write an I-D? I'd say just do something that will work. Get an OID, we agree on an algorithm ID, and then Bob's your uncle and Alice is your auntie. > > Shouldn't we continue this discussing at the IETF OpenPGP mailing list? You mean this isn't? Jon
- Re: [openpgp] Catch 22 in ECC support of OpenPGP? Andrey Jivsov
- [openpgp] Catch 22 in ECC support of OpenPGP? Werner Koch
- Re: [openpgp] Catch 22 in ECC support of OpenPGP? Jon Callas
- Re: [openpgp] Catch 22 in ECC support of OpenPGP? Werner Koch
- Re: [openpgp] Catch 22 in ECC support of OpenPGP? Jon Callas
- Re: [openpgp] Catch 22 in ECC support of OpenPGP? Andrey Jivsov