ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Modernizing the OpenPGP Format draft

2015-11-02 17:30:37
from [Bryan Ford] [Permanent Link] 
Thanks Ian for the great feedback.

Indeed, I think in all the places the draft says ‘identity protection’ it 
should say ‘integrity protection’, sorry about the confusion.  That was just me 
mixing up i-words as I was deliriously hammering out text half an hour before 
the I-D submission deadline. ;)


On Nov 3, 2015, at 7:05 AM, ianG <iang(_at_)iang(_dot_)org> wrote:
nonce as 0 for non-reuse - disagree.  I would strongly prefer the nonce to 
always be there and always be randomly generated by requirement, because we 
can't trust the rest of the software.  Multiple, redundant protections are 
great when they are free.  Which they are in this case.  Nonce to be always 
present, big and random, and the secret key should not be re-used.


That’s completely reasonable, and I’d be fine with that in the interest of 
caution and bug-resilience.


It covers two topics, the first being the AEAD evolution, the second
being a somewhat more ambitious idea to provide better metadata
protection and anonymization properties at the "outer-wrapper" level;
see the draft for (some more, still sketchy) details.



2.3 also good, I'm very keen on that. The "bucket expansion" scheme is likely 
to signal which tool was used, unless we can convince other packages to do 
that (pretty unlikely).


Great.  My hope is that if we were to specify the padding/bucket-expansion 
mechanism in a separate document in an application-neutral way and with the 
relevant theory spelled out, we might eventually be able to convince other 
applications to use or migrate to such a scheme too.  But that would be a 
long-term goal, and whether or not it happens it would have to start somewhere, 
and to me OpenPGP seems like a reasonable place for it to start. ;)

By the way, I have a draft-of-a-draft of a document with more details on the 
metadata protection and padding schemes I have in mind; it obviously didn’t 
make the I-D deadline and still has major holes but I’m happy to share it 
informally with anyone interested.

Cheers
Bryan

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] [Cfrg] streamable AEAD construct for stored data?, Peter Todd
Next by Date:  Re: [openpgp] Modernizing the OpenPGP Format draft, ianG
Previous by Thread:  Re: [openpgp] Modernizing the OpenPGP Format draft, ianG
Next by Thread:  Re: [openpgp] Modernizing the OpenPGP Format draft, ianG
Indexes:  [Date] [Thread] [Top] [All Lists]