IETF Logo Mail Archive

Re: [Sam Hartman] Openpgp comments

David Shaw <dshaw@jabberwocky.com> Tue, 19 September 2006 15:06 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GPhBW-0002Zh-VP for openpgp-archive@lists.ietf.org; Tue, 19 Sep 2006 11:06:54 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GPhBV-0006gh-JY for openpgp-archive@lists.ietf.org; Tue, 19 Sep 2006 11:06:54 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8JEekN8070242; Tue, 19 Sep 2006 07:40:46 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k8JEekEg070241; Tue, 19 Sep 2006 07:40:46 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k8JEejqv070235 for <ietf-openpgp@imc.org>; Tue, 19 Sep 2006 07:40:46 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k8JEeix25947 for <ietf-openpgp@imc.org>; Tue, 19 Sep 2006 10:40:44 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.13.7/8.13.7) with ESMTP id k8JEeeiX022587 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-openpgp@imc.org>; Tue, 19 Sep 2006 10:40:41 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k8JEecJn032422 for <ietf-openpgp@imc.org>; Tue, 19 Sep 2006 10:40:38 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k8JEecw4032421 for ietf-openpgp@imc.org; Tue, 19 Sep 2006 10:40:38 -0400
Date: Tue, 19 Sep 2006 10:40:37 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: [Sam Hartman] Openpgp comments
Message-ID: <20060919144037.GD30748@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <sjmd59txlnv.fsf@cliodev.pgp.com> <1CF1EBF5-1C5A-4ACE-A489-10ED8D9BD31C@callas.org> <20060919121914.GC30748@jabberwocky.com> <871wq89e1h.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <871wq89e1h.fsf@wheatstone.g10code.de>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.12 (2006-08-05)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 1.8 (+)
X-Scan-Signature: 93238566e09e6e262849b4f805833007

On Tue, Sep 19, 2006 at 03:33:30PM +0200, Werner Koch wrote:

> The more interesting question is what we are going to do about the
> SHA-1 requirement for a fingerprint and things like designated
> revokers - this is a more troublesome use of SHA-1. Oh, sorry, I was
> just thinking loudly.

This is exactly my point.  If we reopen the SHA-1 issue for the MDC,
what stops someone from wanting a change in fingerprints or the secret
key protection format, or the "hash of last resort" or any of the
other hardcoded uses of SHA-1 in the standard?

The request to remove SHA-1 from the MDC seems to be just a
misunderstanding.  It's worth an email to try and resolve the
misunderstanding before we get into design, much less code, changes.

A simple email to resolve a misunderstanding seems like the easiest
"fix" here.  If that doesn't work, or it turns out not to be a
misunderstanding, then we can go on and do the design changes, no harm
done.

David

v2.23.0 | Report a Bug | By Email