Re: Next Steps

2007-11-07 08:05:35

Werner Koch wrote:
> On Tue, 6 Nov 2007 16:18, iang(_at_)systemics(_dot_)com said:
>
> > supposing that we do proceed to do a next generation, are we planning
> > on a "big" change over a 10 year cycle, or are we planning on a
> > "small" change with only modest fix-ups?
>
> We should sync ourselves with the NIST hash competition so that a new version
> would be due not before 4 years from now.
>
> Although SHA-3 will be a drop-in replacement for SHA-2, my understanding
> is that there will be suggestions on new usage modes like randomization
> of hashing.  That requires substantial changes to OpenPGP.

Yes, this is where I was heading with my question on big cycle versus small. When OpenPGP started as a working group, we knew X as a community about crypto. That X was some large delta away from what PRZ and his large team of helpers knew 5-10 years earlier. Call their knowledge V.

Now, 10 years later again, we know X plus another big delta, call it Y. The whole issue of HMACs is post-OpenPGP's inception, and the block encryption algorithm design process has been radicalised by the AES competition. Fixing the message digest "weakness" actually has more ramifications than just changing the current one. Threat models and security models are now informed by actual heavy experience.

Etc etc. I wonder if the answer is that we should bite the bullet and say: let's plan on another 10 year cycle. That is, let's spend an entire year just discussing what the next generation OpenPGP should look like.

Alternatively, we might fall into the trap of trying to squeeze too many short-term fixes in and still take a decade.