[Top] [All Lists]

Re: Simplified OpenPGP

2007-11-08 10:19:10

Jon Callas wrote:
Hash: SHA1

On Nov 7, 2007, at 11:38 PM, Werner Koch wrote:

On Wed,  7 Nov 2007 20:20, jon(_at_)callas(_dot_)org said:

Here are some things I might put in a profile:
I agree with all of that except for:

* Use only RSA 4096 bit public keys
it is not a real problem for a modern desktop box but for small or
embedded devices it is not going to work. There are also no smartycards
in the foreseeable future that will support such a key length.  Before
settling on this we should investigate ECC based algorithms.

Then pick a different size. I picked 4096 because it's big and apt to stay viable for the forseeable future. NIST's numbers say that 3072 is equivalent to a 128-bit key. On the other hand, I know there's still a lot of smartcards and the like that are stuck at 2048. I wouldn't go below 2048.

Again, violent agreement.

I would say that the core OpenPGP thrust should be to create the profile for the biggest 800lb gorrilla market, which is the Intel-based PC. It's been the big platform for the last 25 years, and will be for the foreseeable future. Which has plenty of power to spare.

So picking RSA and 4096 sounds good as a pencilled-in number for now. SHA-3 when it turns up. AES-256. Some new mode that is to be chosen in future violent & agreeable debate.

Then, for the mobile guys, let them form a subgroup to create the "mobile profile." It will be completely different, and "weak" by the standards of the main group. No problem, different model.

I am a great believer in one entire suite of algorithms melded together as a cohesive whole. No agility within. So I think the way forward is to pick a spot in the future, and create a great combination for then.

And then stick to it.  I say more on my singular view here:

which reflects the good old days of pgp 2 :)


<Prev in Thread] Current Thread [Next in Thread>