ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] How to re-launch the OpenPGP WG

2015-03-23 20:48:44
from [ianG] [Permanent Link] 
Late comments!


On 12/03/2015 12:31 pm, Werner Koch wrote:

Hi,

Since some time the OpenPGP protocol is again en vogue and the tendency
to prefer S/MIME over OpenPGP is not as strong as it seems to have been
once.  Case in point, the DANE WG has a last call for an OpenPGP DNS
record type.  This is obviously related to OpenPGP and should have been
discussed here as well (actually we did briefly in Summer 2013).

There are several tasks the WG should do:

  - New signature subpackets.  For example one to specify a fingerprint
    and not just the keyid.

  - Take care of individual I-Ds.

  - The use of SHA-1 needs to be replaced.


SHA3.


  - A v5 key format.  Prepare for forthcoming public key algorithms.



Completely.


  - A new encryption mode to replace our aging CFB+SHA1 method with a
    fast and standard mode.



Wait for CAESAR, 2017.  It'll take that long anyway.



  - Maybe extend it to key distribution.

Is there any interest in this?
I'm theoretically interested. But I think it is time to try another paradigm.
4880 took a decade. Too long, the OODA loop was bigger than the evolving knowledge, the work-by-committee approach was broken. Many of us died, emotionally. 

I'd say:
* designate key persons to design the elements. Stick with what they choose. Argue it a bit, but if we can't shift them, then go with it. 

  * Less.  Algs, hashes, formats, protocols, bit saving, etc.
* More. We need to look up into the stack of apps and see what is needed. Those apps didn't exist when PGP was designed. We are in a new world now. No point in designing for command line.
* Trust <cof> model. It's got to be completely overhauled. Not so much as to change the internals, but to make sure that future uses can be composed with the new design.
* Vendors. Ain't nothing gonna happen unless you get them on side. By them, I mean the big ones.
* project planning. Let's not treat this as a committee, let's set up some coding projects to actually move the game forward. Like, a C team, a Java team, PHP, what else? Mandate: to track the draft, compat, and push for more speed from the designers. 



How can we get the WG out of the concluded state?


As long as they don't turn off the list, do we care? ;-)


Would the Dallas meeting be a starting point for this?
Who would volunteer as Chair?



Hell's bells, no, can't afford it.



iang

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] How to re-launch the OpenPGP WG, ianG
Next by Date:  Re: [openpgp] New encryption formats for messaging, Christoph Anton Mitterer
Previous by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, ianG
Next by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, Christoph Anton Mitterer
Indexes:  [Date] [Thread] [Top] [All Lists]