[Top] [All Lists]

Re: implicit IDEA with V3 keys (Re: Silence is Consent Dept.)

1998-06-02 03:53:00

Jon writes:
Adam Back wrote:
   BUT, if you choose to implement RSA and IDEA, then you MUST treat V3
   keys as implicit statement that IDEA is the only cipher supported.

That's a good point. I'll think about a re-wording. But it would be nice to
encourage some 2.X users to revise 2.X to do 3DES, too. There are 2.X
implementations with SHA, so why not 3DES?

I don't think it is a good idea to start another 2.x variant with more
ciphers.  It makes even more problems for backwards compatiblity, then
you won't even know what 2.x means from a capability point of view,
adn you really need a version number upgrade for the packets generated
by such an implementation, and yet there is no gap in the version
numbers reserved for this.

We have to deal with this situation. Imagine that you're using a maximal
(supports everything) OpenPGP implementation, and you're sending a message
a minimal OpenPGP implementation (which is 3DES only) and a 2.6
implementation (which is IDEA only), then there's a conflict.

There is a conflict no matter what: the minimal subset of common
algorithms is the empty set.  What you do to fix this is either as you
suggest if the implementation's architecture allows send separate
messages to resolve the problem; or failing that perhaps minimise the
damage by finding the subset which results in unreadable messages to
the minimum number of recipients.

My wording change is to help some developers who want an exemption there. 

Transfering your statement into the "MAY cope with V3, MUST use IDEA if
chose to do so" would come out something like:

 1) If an implementation which can create IDEA packets is requested to
    send a message to two implementations one which supports IDEA and one
    which doesn't the implementation MAY send two separate messages or
    report failure.

 2) An alternative failure mode would be to send a message with a cipher
    chosen to render the message readable by the maximum number of
    recipients, and report a warning.  (I am doubtful about the value of
    this one, probably simpler just to fail outright).

   Why does the message creator need to be warned?  It seems like a
   perfectly reasonable thing to do to send an IDEA encrypted message to
   someone who can only decrypt IDEA messages.

In the above case, if you send a single message encrypted with IDEA, you're
violating the protocol. I think if we allow this protocol violation, they
oughta at least warn the sender that one of the receivers may not be able
to decrypt the message.

I can't see how this will help: you are either going to render the
message unreadable to the 2.x user, or to the minimal OpenPGP user.
Take your pick.  Unless you like 2) above.

I'll take the revocation reason comments to another message.

print pack"C*",split/\D+/,`echo "16iII*o\U(_at_){$/=$z;[(pop,pop,unpack"H*",<>