Re: how close is OpenPGP tied to SHA1
Ian G <iang@systemics.com> Mon, 02 February 2009 22:50 UTC
Return-Path: <owner-ietf-openpgp@mail.imc.org>
X-Original-To: ietfarch-openpgp-archive@core3.amsl.com
Delivered-To: ietfarch-openpgp-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6A9933A6B04 for <ietfarch-openpgp-archive@core3.amsl.com>; Mon, 2 Feb 2009 14:50:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.63
X-Spam-Level:
X-Spam-Status: No, score=-1.63 tagged_above=-999 required=5 tests=[AWL=-0.323, BAYES_00=-2.599, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LKA-iF1WezfX for <ietfarch-openpgp-archive@core3.amsl.com>; Mon, 2 Feb 2009 14:50:10 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 62BC03A68C0 for <openpgp-archive@ietf.org>; Mon, 2 Feb 2009 14:50:10 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n12McACW073943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Feb 2009 15:38:10 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n12McAxS073942; Mon, 2 Feb 2009 15:38:10 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from netscalibur-outbound-smtp03.uk.clara.net (netscalibur-outbound-smtp03.uk.clara.net [213.253.59.84]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n12Mc9FF073936 for <ietf-openpgp@imc.org>; Mon, 2 Feb 2009 15:38:09 -0700 (MST) (envelope-from iang@systemics.com)
Received: from skaro.afraid.org ([212.169.1.61]:37005) by relay03.mail.eu.clara.net (smtp-vh.dircon.co.uk [213.253.3.43]:1325) with esmtp id 1LU7Qd-0006kf-Ay (Exim 4.69) (return-path <iang@systemics.com>); Mon, 02 Feb 2009 22:38:07 +0000
Received: from viento.local (localhost.cthulhu.dircon.co.uk [127.0.0.1]) by skaro.afraid.org (Postfix) with ESMTP id 1049C5D22; Mon, 2 Feb 2009 22:37:59 +0000 (GMT/BST)
Message-ID: <498775C8.6070407@systemics.com>
Date: Mon, 02 Feb 2009 23:38:00 +0100
From: Ian G <iang@systemics.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1b3pre) Gecko/20081204 Thunderbird/3.0b1
MIME-Version: 1.0
Cc: IETF OpenPGP Working Group <ietf-openpgp@imc.org>
Subject: Re: how close is OpenPGP tied to SHA1
References: <9ef756150902011724h45de04ecq61a76ceaf8d6c138@mail.gmail.com> <4986539C.5030704@fifthhorseman.net> <9ef756150902020514t6e4200c4i837ccecf298fd0c9@mail.gmail.com> <4987180C.5060300@fifthhorseman.net> <9ef756150902021343h1346214bp6d212ec31a7cad20@mail.gmail.com>
In-Reply-To: <9ef756150902021343h1346214bp6d212ec31a7cad20@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
On 2/2/09 22:43, Peter Thomas wrote: > On Mon, Feb 2, 2009 at 4:58 PM, Daniel Kahn Gillmor > <dkg@fifthhorseman.net> wrote: >> I think the answer is not to pick a "new, better" hash function for a >> revised spec, but to make the spec flexible enough to actually use >> whatever "new, better" hash function comes along (and to be able to >> deprecate the ones implementors/users feel are untrustworthy). > > Of course :-) <cough -:> There are two poles of thought. Pole One is "agility" which involves being able to switch between different algorithms within packets and protocols. So if an algorithm goes belly up, the market migrates by switching over that algorithm. Pole Two is "the one true cipher suite." PGP 2 and so forth. The notion here is that you design it well, you design it balanced, and you plan on it lasting at least 10 years. If not 20 or 30. Then, you throw the whole lot out in 10 years. Whether you gravitate around Pole One or Pole Two depends on a whole host of factors: economics, business, distributions, compatibility, structure of players, law & barriers, engineers & polemicists, cryptoreligion, etc. For my money, Pole Two delivers much more bang for buck. There has never been in modern history a complete collapse of a well-designed suite. But there have been huge, monstrous, embarrassing efforts spent and lost in maintaining "agile" suites; if the OSS's sabotage manual were updated today, it would almost certainly include a section suggesting much attention paid to perfect agility. </ahem> iang
- how close is OpenPGP tied to SHA1 Peter Thomas
- Re: how close is OpenPGP tied to SHA1 Daniel Kahn Gillmor
- Re: how close is OpenPGP tied to SHA1 John Clizbe
- Re: how close is OpenPGP tied to SHA1 Peter Thomas
- Re: how close is OpenPGP tied to SHA1 Daniel Kahn Gillmor
- Re: how close is OpenPGP tied to SHA1 Jon Callas
- Re: how close is OpenPGP tied to SHA1 Peter Thomas
- Re: how close is OpenPGP tied to SHA1 Daniel Kahn Gillmor
- Re: how close is OpenPGP tied to SHA1 Peter Thomas
- Re: how close is OpenPGP tied to SHA1 John Clizbe
- Re: how close is OpenPGP tied to SHA1 Ian G
- Re: how close is OpenPGP tied to SHA1 Ian G
- Re: how close is OpenPGP tied to SHA1 David Crick
- Re: how close is OpenPGP tied to SHA1 Peter Thomas
- Re: how close is OpenPGP tied to SHA1 vedaal