ietf-openpgp

Re: ECC in OpenPGP proposal

2008-03-04 10:11:46

 > Yes, there are security ramifications.  Are we really
 >  implementing Suite B if the application can leak info by
 >  sending out emails encrypted in Suite B (strong) and in 3DES
 >  to some 512 RSA key (not so strong)?


Going forward we need to re-establish what is considered
 minimally secure.

I should also have added that in our OpenPGP-ECC doc
we are pointing out equivalent strengths and further stating
that for Suite B compliance there are further restrictions.

I can see quite easily a PGP option checkbox or GnuPG flag
that says --strict-SuiteB-ECC.  This could *refuse* to encrypt
to multiple keys using a smaller cipher.

We have the same situation today.  There's no point me
changing my GnuPG source to allow me to generate a 7K
RSA encryption key, because unless all my correspondents
*also* use the same/equivalent/stronger lengths, then the
session key is at the mercy of the smallest public key size.
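
The weakest-link point made in this message, as an added example that is not part of the original post and is not PGP or GnuPG code: a strict-mode check that rates a multi-recipient message by its weakest wrapping key or cipher and refuses to encrypt below a floor. The function names, the 128-bit default floor and the sample recipients are assumptions; the strength figures are the comparable-strength values from NIST SP 800-57 Part 1.

```python
# Added example: comparable-strength figures (bits) from NIST SP 800-57 Part 1.
RSA_TIERS = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
ECC_TIERS = [(256, 128), (384, 192), (521, 256)]
CIPHER_BITS = {"3DES": 112, "AES128": 128, "AES192": 192, "AES256": 256}


class PolicyError(Exception):
    """Raised when strict mode refuses to encrypt."""


def key_strength(algo, bits):
    """Return the highest tier the key reaches; 0 means below every tier."""
    tiers = RSA_TIERS if algo == "RSA" else ECC_TIERS
    return max((s for size, s in tiers if bits >= size), default=0)


def effective_strength(recipients, cipher):
    """The session key is only as safe as the weakest wrapping key or the cipher."""
    weakest_key = min(key_strength(a, b) for _, a, b in recipients)
    return min(weakest_key, CIPHER_BITS[cipher])


def check_strict(recipients, cipher, floor=128):
    """Refuse the whole message if the cipher or any recipient key is below floor.

    The 128-bit default floor is an assumption made for this example.
    """
    if CIPHER_BITS[cipher] < floor:
        raise PolicyError(f"cipher {cipher} is below {floor} bits")
    weak = [name for name, a, b in recipients if key_strength(a, b) < floor]
    if weak:
        raise PolicyError(f"recipient keys below {floor} bits: {', '.join(weak)}")
    return effective_strength(recipients, cipher)


# Constructed sample recipients: (name, algorithm, key size in bits).
STRONG = [("alice", "ECC", 384), ("bob", "ECC", 256)]
MIXED = STRONG + [("carol", "RSA", 512)]
BIG_RSA = [("me", "RSA", 7680), ("dave", "RSA", 2048)]

if __name__ == "__main__":
    print(effective_strength(STRONG, "AES256"))
    print(effective_strength(BIG_RSA, "AES256"))
    try:
        check_strict(MIXED, "AES256")
    except PolicyError as exc:
        print("refused:", exc)
```
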
