ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AES/SHA1/Must/Should

2005-04-16 02:36:03
from [Ian G] [Permanent Link] 

David Shaw wrote:

On Fri, Apr 15, 2005 at 10:34:02PM +0100, Ian G wrote:


How about:

   At least one MUST-implement algorithm SHOULD be in the
   list.

   Older implementations may deliver an empty list, and may
   imply TripleDES at the end of the list.  This behaviour
   is deprecated.



I think this is overcomplicated.  There is no way to phrase this that
is safe for old implementations - if a new implementation uses AES
instead of 3DES, older implementations lose.



Exactly, this is the problem with having both a list
of algorithms and also implicit defaults.  One should
have one or the other, IMHO, not both, unless one is
seeking revenge on coders for unimaginable crimes long
past.


Here is what I propose.  It doesn't really matter right now whether
AES becomes the default in a v5 key format or by a future revision to
v4.  Either way, this change is safe:

1) In section 9.2, change AES from a SHOULD to a MUST.

2) In section 12.1, change

this:
   Since TripleDES is the MUST-implement algorithm, if it is not
   explicitly in the list, it is tacitly at the end.

to this:
   TripleDES is the current default OpenPGP algorithm, so if it is not
   explicitly in the list, it is tacitly at the end.



Right, so TripleDES remains a default, but the
status of default is delinked from the MUST status.

AES becomes a MUST, but is not a default.


and this:
   Note that the MUST-implement algorithm, TripleDES, ensures
   that the intersection is not null.

to this:
   Note that the current default algorithm, TripleDES, ensures that the
   intersection is not null.



Looks good.

The only question I would have is whether (in v4) we
would continue to assume the presence of a default
algorithm.  If we are agreed that defaults are a
bad thing, then some warning should be put in there
to suggest all new keys should include their full
list.  Alternatively, I suggest we bite the bullet
and state that TripleDES is the default and that
will never change (in v4).



or other text amounting to the same thing.  The reason for this change
is that the current text refers to TripleDES as the only
MUST-implement algorithm.  If we add AES as another MUST, this text is
no longer correct.

End result is to leave 3DES as the default, and make AES a MUST.  In n
years, we'll either have v5 keys or can just redefine v4.  Either way,
we've laid the groundwork.



OK, so your view would be "in v4, TripleDES is a
default and a MUST and that should not change."

Fair enough.

iang
--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: AES/SHA1/Must/Should, David Shaw
Next by Date:  Re: AES/SHA1/Must/Should, David Shaw
Previous by Thread:  Re: AES/SHA1/Must/Should, David Shaw
Next by Thread:  Re: AES/SHA1/Must/Should, David Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]