ietf-openpgp
[Top] [All Lists]

Re: Proposed Extensions to TLS for OpenPGP

1997-12-28 12:31:32
I see several problems here:
1. While overloading the cipherSuites mechanism is convenient and
backwards compatible, it strikes me as ill-advised. In the limit,
we end up with a large number of cipherSuites that differ only
in the types of certificational material they provide. This
fragments effort. Here you call out an RSA/3DES/RIPEMD mode.
If that's a good idea, wouldn't it be a good idea with X.509
certificates as well?

Algorithm choice is largely orthogonal to certificate format and
should be represented as such. That does seem to be a missing
capability in TLS. We should add it rather than hacking around
it.


2. The Certificate payload design doesn't seem to allow for 
a chain of certificates to be carried. This seems like a bug.

3. Omitting the DistinguishedName field in the CertificateRequest
field seems problematic. I understand PGP doesn't use DNs,
but there should be a way to indicate who might be potential signers
of a given key.

4. In addition, I don't see what the point of prohibiting 
"Export" ciphers with PGP keys is. Obviously, if you're explicitly
calling out cipherSuites, you can simply omit all the export cipher
suites from that list, but frankly, stating that  "Export" algorithms
also may not be used with OpenPGP keys" seems silly. It's not our
place as protocol designers to tell people what they may use.

5. Also, you've failed to call out support for the integrity only
cipherSuites. Is this intentional? 

-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."