ietf-openpgp
[Top] [All Lists]

Re: ECC in OpenPGP proposal

2008-03-04 14:03:43

On 3/4/08, Ian G <iang(_at_)systemics(_dot_)com> wrote:
Lots of questions!  For me, the confusion is swirling around
 these questions:

 The proposal in question is:

    (a) Suite B
    (b) ECC, and/or
    (c) mobile

the *original* document basically suggested (a), *BUT* with the
unsaid (but since spelled out) point that 3DES is implicitly
*also* allowed *if* we are extending 4880 / interoperating with
4880.

 Is it one of these?  All of them?  Two of them?

was have since shifted to (b), with the (c) bit as the MUST.


 I would argue that (a) sounds good.  When the NSA speaks, I
 listen.

It's the biggest endorsement (particularly after Suite B) that
[a subset of] our OpenPGP algorithms could possibly have.

(normally it is the other way around...)

LOL

 I like
 their Suite B and would copy it exactly, word for word, no
 deviations.

ideally, yes, I'd say this too (extra ideally, I'd just go for
their bigger suite, the SHA384-AES256-ECC384_DH_DSA).

 (b) sounds less good, as this involves much more work (e.g.,
 doing it properly) and would tempt me to say "wait for V5!"
  or "just listen to the NSA, guys."

agree with you on all your points here

 (c) is something that should be done by the mobile guys, as
 Dani pointed out, there are special things that need to be
 considered.

I think it was Dani that said that AES128 was too slow on the
Nokia (and so he was using RC4)?

In any case, I agree that just justifying the smaller algorithms
"*because of* mobiles" isn't in itself necessarily right.
(However, choosing the smaller algorithms "because of
mobiles *and* because they're secure enough generally
*and* because they're a Suite B subset  *is* closer to what
we're saying)


 One-size-fits-all will probably result in nobody being happy.

 iang

How unhappy would *you* (personally; this is also open to
other people!) be with (each stage being possible points of
objection):

1) AES128-SHA256-ECC256 as the MUST (still talking V4 btw)
  2) with 3DES as an implicit MUST for 4880 interoperability
    2a) wording to encourage (SHOULD) matching algo. sizes
    2b) wording to point out additional restrictions for Suite B
      3) Future V5 keys to possibly make further restrictions

<Prev in Thread] Current Thread [Next in Thread>