ietf-openpgp

Re: Mandatory Algorithm Changes?

2005-02-08 13:23:36

--On 8-2-2005 9:42 -0800 Jon Callas <jon(_at_)callas(_dot_)org> wrote:

> I almost cringe to suggest this, but I will.
>
> Triple-DES is pretty much obsolete. Yesterday, I saw that NIST announced
> they're moving to stronger hashes.
>
> Does anyone object to changing the MUST cipher to AES (I'd pick 128) and
> MUST hash to SHA-256?

Regarding SHA-256: would that mean switching to SHA-256 for key fingerprints as well? (shouldn't v5 keys be introduced then?) And use SHA-256 for MDC packets?

Or is it just adding a MUST implement, so applications can use SHA-256 for document signatures with RSA keys only? (as DSA forces one to use SHA-1 anyway)

IMHO, the first is what should be done at some point, but that's a really big change: all implementations out there need to be upgraded. Wouldn't that conflict with getting the current draft on standards track?

I do not see the point of the second option: as long as keys are only protected by a 160-bit fingerprint, there is not much point protecting document signatures with longer hashes. It may be harder to generate a collision resulting in a valid key than it is to generate a collision resulting in just some other random document, but I do not think it is wise to count on such an assumption.

--
Edwin
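
The weakest-link point in the message above, as an added Python example that is not part of the original post: it computes a version 4 key fingerprint (SHA-1 over `0x99`, a two-byte length, and the public-key packet body) and compares generic birthday-bound collision work for the signature hash and the fingerprint. The modulus, creation time and helper names are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """V4 fingerprint: SHA-1 over 0x99, the 2-byte body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def collision_bits(digest_len_bytes: int) -> int:
    """Generic birthday bound: roughly 2^(bits/2) work to find any collision."""
    return digest_len_bytes * 8 // 2

def chain_collision_bits(sig_hash: str, fingerprint: bytes) -> int:
    """Collision resistance of signature hash plus key fingerprint together:
    the smaller of the two generic bounds decides."""
    sig_bits = collision_bits(hashlib.new(sig_hash).digest_size)
    return min(sig_bits, collision_bits(len(fingerprint)))

# Constructed sample key material: a 2048-bit odd number, not a real RSA modulus.
SAMPLE_N = (1 << 2047) | 0x1234567
SAMPLE_BODY = v4_rsa_key_body(created=1107868800, n=SAMPLE_N, e=65537)
SAMPLE_FPR = v4_fingerprint(SAMPLE_BODY)

if __name__ == "__main__":
    print("fingerprint:", SAMPLE_FPR.hex().upper(), f"({len(SAMPLE_FPR) * 8} bits)")
    print("key ID     :", SAMPLE_FPR[-8:].hex().upper())  # low 64 bits of the fingerprint
    for h in ("sha1", "sha256"):
        print(f"signature hash {h}: sig bound 2^{collision_bits(hashlib.new(h).digest_size)},"
              f" with v4 fingerprint 2^{chain_collision_bits(h, SAMPLE_FPR)}")
```

The bounds are the generic ones for an ideal hash of that output length; they say nothing about attacks specific to SHA-1.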