ietf-openpgp

Re: [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC 6637)

2013-07-19 07:39:55
On Thu, 18 Jul 2013 22:04, openpgp(_at_)brainhub(_dot_)org said:

> 1. Add ID 20 that is ECDH+ECDSA. It will be defined identically to ID
> 18 (ECDH), but will also be allowed to perform the
> signature/verification functionality of ID 19 (ECDSA).

You can't use 20 because it was used for Elgamal in rfc2440.  A new one
needs to be allocated.  22 would be the next.

> I assume that it will be common (or at least possible) to issue
> end-user X.509 certificates for SMIME that are
> signing+encryption. Thus, even though current PKI CA certificates can
> be mapped to ID 19 based on keyUsage flags, we cannot do this in all

Frankly I can't see why this is an advantage.  X.509 and OpenPGP are
entirely different and having the same algorithm numbers does not matter
at all.

> I see #1 as the only perfect solution for the problem. Does anybody
> have any other thought about how to proceed?

The IETF consensus method shall be used for new algorithms.  Thus you
need to write an I-D.  IIRC, you are already working on a compressed ECC
key specification.  What about using the new algorithm for this - or at
least to use that I-D for adding a new algorithm number?


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp