Re: Next Steps (was Re: RFC 4880 on OpenPGP Message Format)

2007-11-06 08:42:28

Daniel A. Nagy wrote:

I don't think it is dangerous if done properly, but it definitely does not
fit into CFB cipher context mode (which, by the way, is another thing that
is worth considering for retirement).

<broken record>

Yes please!


Actually, I am leaning toward introducing a general stream cipher mode of
which block ciphers operated in CTR mode are a special case. CTR has much
nicer theoretical properties than CFB in the sense that security assumptions
for block ciphers imply certain security properties for the stream cipher.

OpenPGP has these built in application notions that inform it on what is "in" and what is "out" ... which are basically historical and probably due to be updated. E.g., ascii armouring is "in" and s/mime is "out".

For all those (historical) reasons it probably makes sense to sit down around a round table and craft a future architecture of what is "base" and what is "extension". I'd see stream modes as being "extensions".

(leaving the question of whether the base includes even a block cipher mode to the round table ;)

So I suppose I'm heading over to one of these "big questions":

supposing that we do proceed to do a next generation, are we planning on a "big" change over a 10 year cycle, or are we planning on a "small" change with only modest fix-ups?

(I'm hoping here that we don't end up with a "small" change taking 10 years .....)

