Re: [openpgp] Hybrid proposal for algorithm identifiers
ianG <iang@iang.org> Tue, 24 March 2015 23:17 UTC
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B24B91A1A52 for <openpgp@ietfa.amsl.com>; Tue, 24 Mar 2015 16:17:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZS2O7FwE-Iic for <openpgp@ietfa.amsl.com>; Tue, 24 Mar 2015 16:17:45 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 409531A000B for <openpgp@ietf.org>; Tue, 24 Mar 2015 16:17:45 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 975FD6D85A; Tue, 24 Mar 2015 19:17:43 -0400 (EDT)
Message-ID: <5511F096.7000404@iang.org>
Date: Tue, 24 Mar 2015 23:17:42 +0000
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <644FDE72-CB1A-4EBE-9309-B429860A360D@gmail.com>
In-Reply-To: <644FDE72-CB1A-4EBE-9309-B429860A360D@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/v5zxZqakRgv08NluRb07-Gn30oY>
Subject: Re: [openpgp] Hybrid proposal for algorithm identifiers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2015 23:17:46 -0000
On 24/03/2015 16:46 pm, Phillip Hallam-Baker wrote: > > * Maintaining algorithm registries takes time and effort > * Modern best practice for algorithms rejects the idea that more algorithms is 'better'. > * The security of the system is determined by the weakest algorithm an attacker can persuade you to use, > * One Mandatory to implement plus a reserve is generally emerging as best I would say One+One is emerging as a centrist compromise. On the left, there are the pluralists, and on the right, there are OneTrueBelievers. Personally, I think the numbers are balanced between the right and the center, with the left (many) now a clear minority party. Or at least, that's what a straw poll showed about 6 months back. > * Support for vanity crypto is an unfortunate necessity. That ... is an argument I'd love to see fleshed out. > * ASN.1 OIDs are kind of obnoxious > * Suites don't work > * Most OpenPGP folk would like to use short identifiers > > For many years I have wanted a way to move discussion of vanity crypto out of the IETF, etc. If we touch a spec, the vendor can pretend that we endorse it. > > So what I propose is a two level scheme: > > Mandatory and Recommended algorithms are registered in a short identifier registry. > > For everything else there is a reserved 'escape code' that states the algorithm is specified by OID. > > > OIDs do get a little large sometimes. But they do have the advantage that nobody can claim that they have IETF endorsement. That is not true of any scheme we could devise ourselves. > > This approach means that there is a real difference between being one of the supported algorithms and the recommended algorithm. Assuming your premises, this is a good proposal. iang
- [openpgp] Hybrid proposal for algorithm identifie… Phillip Hallam-Baker
- Re: [openpgp] Hybrid proposal for algorithm ident… ianG
- Re: [openpgp] Hybrid proposal for algorithm ident… Christoph Anton Mitterer
- Re: [openpgp] Hybrid proposal for algorithm ident… ianG
- Re: [openpgp] Hybrid proposal for algorithm ident… Phill