V5 key packet format requirements
nagydani@epointsystem.org (Daniel A. Nagy) Thu, 02 February 2006 16:20 UTC
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F4hC6-0006aZ-RL for openpgp-archive@megatron.ietf.org; Thu, 02 Feb 2006 11:20:26 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16980 for <openpgp-archive@lists.ietf.org>; Thu, 2 Feb 2006 11:18:42 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k12G7FLe057757; Thu, 2 Feb 2006 08:07:15 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k12G7FwF057756; Thu, 2 Feb 2006 08:07:15 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k12G7E23057748 for <ietf-openpgp@imc.org>; Thu, 2 Feb 2006 08:07:15 -0800 (PST) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id D8D872B45D2; Thu, 2 Feb 2006 17:07:13 +0100 (CET)
Date: Thu, 02 Feb 2006 17:07:13 +0100
To: OpenPGP <ietf-openpgp@imc.org>
Subject: V5 key packet format requirements
Message-ID: <20060202160713.GB18144@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
I know that this has been discussed earlier, but I think it is important to weed out and summarize the requirements for the upcoming V5 key packet format. Public key packet format 1. Exclude creation date from fingerprint and key ID hash computation (and maybe from the key packet, too -- it belongs to the self-signature). This would mean that the key fingerprint and ID depend only on the actual key (key material + algorithm). Private key packet format 1. Change wording of standard to indicate that this is intended to be merely an export-import format. Implementations can obtain private keys any way they see fit. 2. Scrap encrypted private keys. We already have a symmetrically encrypted container format with sufficient integrity protection, so there is no reason to maintain another one. Just put the unencrypted private key packet into that container, if you need encryption. This will reduce the number of things to worry about and make the security of OpenPGP easier to assess and maintain. 3. Support for multiprime RSA keys (as in PKCS#1 v2.1). 4. Support for exporting and importing subkeys. I think, the above are all legitimate needs that should be addressed in the new packet format. I cannot think of more. Comments? -- Daniel
- V5 key packet format requirements Daniel A. Nagy
- Re: V5 key packet format requirements Ben Laurie
- Re: V5 key packet format requirements Ben Laurie
- Re: V5 key packet format requirements Edwin Woudt
- Re: V5 key packet format requirements Daniel A. Nagy
- Re: V5 key packet format requirements Edwin Woudt
- Re: V5 key packet format requirements Ian G
- Re: V5 key packet format requirements Daniel A. Nagy
- Re: V5 key packet format requirements Adam Back
- Re: V5 key packet format requirements Konrad Rosenbaum
- Re: V5 key packet format requirements Daniel A. Nagy
- Re: V5 key packet format requirements Jon Callas