nagydani(_at_)epointsystem(_dot_)org (Daniel A. Nagy) writes:
On Mon, Nov 05, 2007 at 09:33:12AM -0500, Derek Atkins wrote:
The second question is: are there enough people
interested in doing the work (editors, reviewers, implementors) to
warrant remaining open?
Currently, my team is working on implementing a system that aims at some
level of OpenPGP interoperability. Because of platform limitations, full
interoperability with RFC4880 is not practical. In particular, we are
implementing a symmetrically encrypted data packet format where encryption
is done using a stream cipher (namely: ArcFour), yet following the standard
as closely as possible. The reason is that the target platform (low-end mobile
phones) may perform really poorly using a block cipher.
Have you actually tried using a block cipher like AES, or are you
basing this "may perform really poorly" only on guesswork?
Seriously... AES was specifically designed to work well in small
systems like cell phones, have you actually tried it?
I'd also suspect that any Public Key operations would take much more
time, although it sounds like you aren't using that part of the spec
at all.
However, it would be nice if the next version of OpenPGP would be
interoperable with our system even on the encryption level. I shall send the
specifications to this list as soon as they are properly written up.
Go ahead, but we've discussed ArcFour previously and decided it was
too dangerous and didn't fit into the CFB cipher context modes. But
please send in your specs so we can see them and others on the list
can give their opinion.
Regards,
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant