"David Crick" <dacrick(_at_)gmail(_dot_)com> writes:
This is one reason why I believe in options. If someone wants to do
SuiteB ECC but with Camellia and Whirlpool, we should not be
restricting that at the standards level.
there is no such thing as "SuiteB ECC but with Camellia and Whirlpool"
Suite B *is*:
384-ecc, sha384, aes256 - cleared for up to TOP SECRET use
256-ecc, sha256, aes128 - cleared for up to SECRET use
with both also being suitable for non-classified (sensitive) use.
What you *could* have is "_OpenPGP ECC_ with Camellia and
Whirlpool _at equivelent strength to the SuiteB cipher suites_"
I think the point is that at the protocol level there doesn't need to
be a major difference. At the APPLICATION you can say "we support
suite B" and when you create keys you say "sha384/aes256" with an
ECC-384 key and "sha256/aes128" with an ECC-256 key... But someone
else could say "camellia/whirlpool" with an ECC-384 key.
In other words the OpenPGP protocol (and packet formats) should remain
agnostic about the semantics of the ciphersuites being allowed or
proposed in the notation on a key.
Derek Atkins 617-623-3745
Computer and Internet Security Consultant