Hi.
Previously I had passed along two comments on the openpgp spec to the chair:
* Concerns about the MDC
* A desire for an IANA section.
I'm evaluating the response to my concerns about the MDC. It's
definitely true that I did not think through the use of the MDC in
detail, although even after doing so, I'm still uncomfortable.
I'm trying to talk to other security experts and get a second opinion; expect
to hear back from me on this issue within a few days.
I'm working the IANA issue with the chair.
I have two minor comments about the security considerations section;
these comments will round out my review of the spec.
1) random oracle is used instead of oracle every time the word oracle
is used. An oracle is a construct with special computational
ability (access to a key, access to extra storage, ability to
perform long-running operations in one time step) that is useful
in analysis of computability, complexity or security
constructions. A random oracle is an oracle that has a random
function in it and exposes this function.
2) RFC 1750 is obseleted. Please update to 4086.
thanks much,
--Sam