[Top] [All Lists]

Re: ASN.1 OID for TIGER/192

2002-09-30 10:31:58

On Mon, Sep 30, 2002 at 01:17:08PM -0400, Derek Atkins wrote:
David Shaw <dshaw(_at_)jabberwocky(_dot_)com> writes:

I'm not for or against using TIGER in OpenPGP, but my feeling is that
if we are going to include TIGER, then we should do it intentionally,
with all due care taken.

At some level, too many ciphers can spoil the security-system...  Not
that I'm saying TIGER is insecure, but at some level you need to limit
the posibilities for real-world interoperation.

Also note that reserving a number for TIGER but _not_ putting it into
the standard is different than actually calling TIGER a required cipher.

I have no problem with assigning a number for TIGER (or rather,
continuing to use the existing one) and not making it a required
algorithm.  In fact, I think it should be a completely optional part
of the standard.  However, if TIGER is present in the standard at all
as a possibility, it still impacts to a degree even those
implementations that don't implement it.

So to clarify: I'm not for or against including TIGER as an optional
part of the standard, but if it is included, it would be nice to have
some thought first.  Of course, TIGER is *already* an optional part of
the standard, but since it was lacking an OID until recently, the
question of it actually being used was somewhat moot.


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

<Prev in Thread] Current Thread [Next in Thread>