-----BEGIN PGP SIGNED MESSAGE-----
In <97Sep16(_dot_)173437edt(_dot_)32257(_at_)brickwall(_dot_)ceddec(_dot_)com>,
on 09/16/97
at 04:35 PM, tzeruch(_at_)ceddec(_dot_)com said:
On Tue, 16 Sep 1997, William H. Geiger III wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
I forgot to add an important issue that can be addressed by the
e-mail<=>PGP Key lookup list.
With PGP 5.0's ability to uses multiple encryption/hash algortihms the
need has arose to be able to set the default algortihms to be used by an
application for a given e-mail address. This can be accomplished by adding
an extra field in the lookup list.
Things like:
-- Owner of address is using 2.6.x therfore RSA/MD5 signatures should
only be used.
This is the main thing necessary since it would be theoretically valid to
use RSA/MD5 with new PGP 5.0 specific formats (such as the Hash: in the
armored files and the new CTB and length format).
-- Owner of address is using 5.0 but would prefer that RSA/MD5 be used.
-- Owner of address has 5.0 but would prefer that RSA/SHA1 be used.
... and so on and so forth.
There is already a field in the new signature type packet that indicates
the preferred conventional cipher. My notes don't indicate that there is
any yet defined for preferred PK cipher, but I think I remember seeing a
preferred hash, though it might have been disabled since DSS requires
SHA1, and RSA needs MD5 for backward compatibility.
A final field would be the preferred signature algorithm, RSA, DSS, or
ElGamal if they can get that working securely.
Is there any actual restrictions that DSS *must* use SHA1? It should be
able to use any hash that the user selects. It is my understanding that
the hash algorithim & the encryption algorithm should be independent of
each other (I could be wrong as I have not done an indepth study of that
section of code in 5.0).
Also a user may wish to use various combinations of Public Key, Session
Key, and Hash to be used. I see nothing preventing somone from using RSA
Public Key with CAST session key and a SHA1 hash.
Now use such a non-standard combination there are two seperate issues that
need to be addressed:
- -- Myself as a receiver of data. If I wish to receive data in using the
above combination I need a mechanism to convay that to the users of my
public key. This is best handled with some type of preferance flags in my
public key. These settings should only be "preferances" and the sender
should have the option to override these (see below).
- -- Myself as a sender of data. If I wish to send all my messages out using
the above combination I need some method of telling PGP to use this
combination if possiable (obviously if I only have a DSS/DH key for the
receiver I can't use RSA). This should be both in the form of default
settings in the PGP configuration file and on the command line.
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNB76oo9Co1n+aLhhAQG9CAP5ASzbtuukBKAexNfweWGE9K7Tp6lRZcHy
SzGGLRfOwBJ+CYzf0S45cGQsM3p42PRJBA6l5jXg/ZyhaXqT7KCriO9+3gNTAG7D
z0sRiEjJowhAD7bnY1D6F9w7Q3XcQC9SbIyk44uBNGLGE2oDbEN+ZpA1Us0cO1y8
9YCWRIdUKRk=
=CJNm
-----END PGP SIGNATURE-----