On Thu, 21 Aug 2014 00:24, coruus(_at_)gmail(_dot_)com said:
See infra. You should list EdDSA parameters that need to be encoded
into the OID.
Not required. That is specified in the Ed25519 paper.
This is confusing. EdDSA is defined to operate on messages of
arbitrary length; hashing the message is part of the EdDSA algorithm.
Right but that can't be used in OpenPGP. Recall that there is a
preference system which goes along with encrypted messages and that we
have specific requirements of what needs to be hashed. Messing up the
well established OpenPGP layered structure won't do any good.
Further, to implement EdDSA on a smartcard it is required that the card
does the hashing. Now imagine what happens if you try to sign a 100 MB
message: You can go out for lunch and come back to realize that it will
take another hour to finish.
Ed25519-SHA2-512 is widely implemented. No other hash functions
currently specified for use with OpenPGP provide long enough output to
be used with Curve25519.
We are talking about the EdDSA algorithm which required the Edwards form
of Curve25519. The internal use of a 64 byte digest is required by the
way EdDSA works. Using a SHA-256 hash as data to be signed matches this
nicely but if you don't like it you may sign any other hash.
http://ed25519.cr.yp.to/ed25519-20110926.pdf
Web pages are not suitable as a normative reference.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp