On 24/03/2015 07:47 am, Werner Koch wrote:
On Tue, 24 Mar 2015 02:48, iang(_at_)iang(_dot_)org said:
- The use of SHA-1 needs to be replaced.
SHA3.
That was the original plan. However it turned out that the still not
finalized SHA-3 is meanwhile considered a fallback option in case of new
developments. SHA-2 has wide support and is already in wide use. We
only need a new fingerprint style and use that for some designated
revokers etc.
SHA3 because it has sponge, it can do MACs, it can do stream ciphers, it
can do authenticated stream ciphers, it can brew the morning tea if you
plug it in the right way.
(Yeah, I know NIST said it's in fallback mode, but when the thing
actually comes out, I think it will be a game changer. Sponge changes
everything.)
- A new encryption mode to replace our aging CFB+SHA1 method with a
fast and standard mode.
Wait for CAESAR, 2017. It'll take that long anyway.
I am more thinking of OCB; there is a free patent grant for all relevant
parties and the patent will anyway expire by the time a new encryption
format will get in widespread use.
See, this is where the cryptographers and the cryptoplumbers have sort
of moved on. Instead of us arguing about what mode to use, we've thrown
it back over the wall, and shouted out to them lot on the other side
(cryptographers) stop with the silly modes! Give us one stream cipher
that does *the lot* and let us get back to real coding...
That's CAESAR. It will replace all the modes, all the algs, all the
everything in the entire symmetric space. And make your tea ;) Hence I
think waiting until it comes out and picking up its good work is worthwhile.
(and, ps; Keccak has been submitted, it'll make your tea and your coffee
too!)
4880 took a decade. Too long, the OODA loop was bigger than the
Nope. 4880 is a minor update of 2440 which barely took a year to be
released with code ready 6 months earlier. The major new features in
4880 have been enabled since fall 2000 (MDC packets)
How can we get the WG out of the concluded state?
As long as they don't turn off the list, do we care? ;-)
May I read this and your other remarks that you see no more value in the
IETF process?
I'm an acknowledged skeptic of the IETF process... maybe need to send
that memo out again?
Here's my big criticism of the IETF process: like all processes it
eventually ends up becoming a place for people to create silos of
knowledge and careers, and eventually divorces itself from what's
happening out there in the real world. But it holds the keys to some
powerful Internet protocol components, and while it's not bringing in
the new, outside knowledge, the IETF WG becomes the blockage, the inner
sanctum, the guilds that the IETF swore to bring down.
So what do we do? Leave? Stay? Fight?
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp