ietf-openpgp

Final comments on draft-ietf-openpgp-2440bis

2006-09-28 19:13:36



Hi.

Previously I had passed along two comments on the openpgp spec to the chair:

* Concerns about the MDC

* A desire for an IANA section.

I'm evaluating the response to my concerns about the MDC.  It's
definitely true that I did not think through the use of the MDC in
detail, although even after doing so, I'm still uncomfortable.
I'm trying to talk to other security experts and get a second
opinion; expect to hear back from me on this issue within a few days.

I'm working the IANA issue with the chair.

I have two minor comments about the security considerations section;
these comments will round out my review of the spec.

1) random oracle is used instead of oracle every time the word oracle
    is used.  An oracle is a construct with special computational
    ability (access to a key, access to extra storage, ability to
    perform long-running operations in one time step) that is useful
    in analysis of computability, complexity or security
    constructions.  A random oracle is an oracle that has a random
    function in it and exposes this function.

2) RFC 1750 is obsoleted.  Please update to 4086.



thanks much,

--Sam

  • Final comments on draft-ietf-openpgp-2440bis, Sam Hartman <=