IETF Logo Mail Archive

Re: V5 key packet format requirements

Ben Laurie <ben@algroup.co.uk> Fri, 03 February 2006 12:09 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4zkn-0003Xn-3H for openpgp-archive@megatron.ietf.org; Fri, 03 Feb 2006 07:09:29 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA21338 for <openpgp-archive@lists.ietf.org>; Fri, 3 Feb 2006 07:07:31 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13BrRYs019921; Fri, 3 Feb 2006 03:53:27 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k13BrRNk019920; Fri, 3 Feb 2006 03:53:27 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13BrQ8R019914 for <ietf-openpgp@imc.org>; Fri, 3 Feb 2006 03:53:27 -0800 (PST) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id D467733C1C; Fri, 3 Feb 2006 11:53:25 +0000 (GMT)
Message-ID: <43E3443D.90609@algroup.co.uk>
Date: Fri, 03 Feb 2006 11:53:33 +0000
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: V5 key packet format requirements
References: <20060202160713.GB18144@epointsystem.org>
In-Reply-To: <20060202160713.GB18144@epointsystem.org>
X-Enigmail-Version: 0.93.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Daniel A. Nagy wrote:
> I know that this has been discussed earlier, but I think it is important to
> weed out and summarize the requirements for the upcoming V5 key packet format.
> 
> Public key packet format
> 
> 1. Exclude creation date from fingerprint and key ID hash computation (and
> maybe from the key packet, too -- it belongs to the self-signature). This
> would mean that the key fingerprint and ID depend only on the actual key
> (key material + algorithm).

This could be confusing - documents that were signed with a key
specified like this could retroactively find themselves predating the key.

> Private key packet format
> 
> 1. Change wording of standard to indicate that this is intended to be merely
> an export-import format. Implementations can obtain private keys any way
> they see fit.

Also, from memory, private keys include stuff that can be calculated (or
is it that they don't include stuff that's useful to have
precalculated?). In any case, it would be good to know what's optional.

> 2. Scrap encrypted private keys. We already have a symmetrically encrypted
> container format with sufficient integrity protection, so there is no reason
> to maintain another one. Just put the unencrypted private key packet into
> that container, if you need encryption. This will reduce the number of things
> to worry about and make the security of OpenPGP easier to assess and
> maintain.

Yes, please!

> 3. Support for multiprime RSA keys (as in PKCS#1 v2.1).

Aren't they patented?

> 4. Support for exporting and importing subkeys.
> 
> I think, the above are all legitimate needs that should be addressed in the
> new packet format. I cannot think of more.

Support for PFS.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email