Thanks Ian for the great feedback.
Indeed, I think in all the places the draft says ‘identity protection’ it
should say ‘integrity protection’, sorry about the confusion. That was just me
mixing up i-words as I was deliriously hammering out text half an hour before
the I-D submission deadline. ;)

On Nov 3, 2015, at 7:05 AM, ianG <iang(_at_)iang(_dot_)org> wrote:
> nonce as 0 for non-reuse - disagree. I would strongly prefer the nonce to
> always be there and always be randomly generated by requirement, because we
> can't trust the rest of the software. Multiple, redundant protections are
> great when they are free. Which they are in this case. Nonce to be always
> present, big and random, and the secret key should not be re-used.

That’s completely reasonable, and I’d be fine with that in the interest of
caution and bug-resilience.

>> It covers two topics, the first being the AEAD evolution, the second
>> being a somewhat more ambitious idea to provide better metadata
>> protection and anonymization properties at the "outer-wrapper" level;
>> see the draft for (some more, still sketchy) details.
>
> 2.3 also good, I'm very keen on that. The "bucket expansion" scheme is likely
> to signal which tool was used, unless we can convince other packages to do
> that (pretty unlikely).

Great. My hope is that if we were to specify the padding/bucket-expansion
mechanism in a separate document in an application-neutral way and with the
relevant theory spelled out, we might eventually be able to convince other
applications to use or migrate to such a scheme too. But that would be a
long-term goal, and whether or not it happens it would have to start somewhere,
and to me OpenPGP seems like a reasonable place for it to start. ;)

By the way, I have a draft-of-a-draft of a document with more details on the
metadata protection and padding schemes I have in mind; it obviously didn’t
make the I-D deadline and still has major holes but I’m happy to share it
informally with anyone interested.

Cheers
Bryan
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp