"David Crick" <dacrick(_at_)gmail(_dot_)com> writes:
What do we lose if we
instead use "this key replaces TripleDES implicit algorithm with AES-128"
notation? This would be beneficial for RSA keys too.
what if we have:
Alice: {AES256, AES128, AESover3DESflag [, 3DES implicitly]}
Bob: {3DES [, AES128 implicitly]}
Then Bob or his software could legitimately choose 3DES.
whereas:
Alice: ECC-384/521 key with {AES256, SuiteBOnly} and
Alice: ECC-256 key with { [AES128 implicit], SuiteBOnly}
would refuse to encrypt with anything except AES256 and
AES128 respectively.
I think there's a fundamental mismatch between OpenPGP-style key
preferences and Suite B thinking. As a sender, with labeled
information, you can only use approved algorithms. Thus, if a recipient
doesn't list the approved algorithm, you just can't send them mail. The
OpenPGP-style key preferences are in my view primarily to ensure
interoperability and allow for algorithm transitions over long
timescales.
Are we proposing sender-side rules to match labels to approved
algorithms? It seems inadequate to put 'SuiteBOnly' as a key preference
on recipients.
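
The sender-side rule discussed in the message above, as an added sketch that is not part of the original thread or of any OpenPGP implementation. The function names, the `suite-b` label and the approved set are assumptions made for illustration; the `implicit` parameter models the "replace implicit 3DES with AES-128" notation quoted above.

```python
# Added illustration: names, labels and the approved set are assumptions.

class NoApprovedAlgorithm(Exception):
    """No algorithm satisfies both the recipients and the sender's policy."""

# Constructed sender-side policy: message label -> algorithms allowed for it.
LABEL_POLICY = {"suite-b": {"AES256", "AES128"}}

def effective_prefs(listed, implicit="3DES"):
    """Recipient's ordered preferences with the implicit algorithm appended.

    implicit="AES128" models the proposed 'replace implicit 3DES' notation.
    """
    prefs = list(dict.fromkeys(listed))  # drop duplicates, keep order
    if implicit not in prefs:
        prefs.append(implicit)
    return prefs

def select_cipher(recipients, label=None):
    """Pick one cipher for all recipients, honouring the sender's label policy.

    recipients: list of effective preference lists, one per recipient key.
    The first recipient's ordering breaks ties (an arbitrary choice here).
    """
    if not recipients:
        raise ValueError("at least one recipient is required")
    # Interoperability step: keep what every recipient can decrypt.
    common = [a for a in recipients[0] if all(a in r for r in recipients[1:])]
    # Sender-side step: a labelled message may only use approved algorithms.
    approved = LABEL_POLICY.get(label)
    if approved is not None:
        common = [a for a in common if a in approved]
    if not common:
        # The case described above: the sender simply cannot send.
        raise NoApprovedAlgorithm(f"label={label!r}: nothing usable")
    return common[0]
```

With an unlabelled message the intersection falls back to the implicit algorithm; with a labelled one the same recipients produce a refusal unless the implicit algorithm is itself approved.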