Re: [Sam Hartman] Openpgp comments

David Shaw <dshaw@jabberwocky.com> Tue, 19 September 2006 03:11 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GPW0x-0000IX-BE for openpgp-archive@lists.ietf.org; Mon, 18 Sep 2006 23:11:15 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GPVtW-0003sq-KR for openpgp-archive@lists.ietf.org; Mon, 18 Sep 2006 23:03:36 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8J2Xh8F099352; Mon, 18 Sep 2006 19:33:43 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k8J2Xhh7099351; Mon, 18 Sep 2006 19:33:43 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8J2Xg80099345 for <ietf-openpgp@imc.org>; Mon, 18 Sep 2006 19:33:43 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k8J2Xex22199 for <ietf-openpgp@imc.org>; Mon, 18 Sep 2006 22:33:40 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.13.7/8.13.7) with ESMTP id k8J2XcPp019885 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Mon, 18 Sep 2006 22:33:39 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k8J2XXD5030956 for <ietf-openpgp@imc.org>; Mon, 18 Sep 2006 22:33:33 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k8J2XWFk030955 for ietf-openpgp@imc.org; Mon, 18 Sep 2006 22:33:32 -0400
Date: Mon, 18 Sep 2006 22:33:32 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: [Sam Hartman] Openpgp comments
Message-ID: <20060919023332.GA30748@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <sjmd59txlnv.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <sjmd59txlnv.fsf@cliodev.pgp.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.12 (2006-08-05)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 1ac7cc0a4cd376402b85bc1961a86ac2

On Mon, Sep 18, 2006 at 11:02:44AM -0400, Derek Atkins wrote:

> The second issue is the encryption with integrity packet.  Today this
> is hard-wired to use SHA-1.  That's not OK.  We need an upgrade path
> for that and I think we need to support SHA-256 now.

Does the MDC actually need collision resistance?  I was under the
impression that (like the secret key "S2K 254" use of SHA-1) this was
essentially a checksum and the recent attacks against SHA-1 did not
apply.

David