[Top] [All Lists]

Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-16 16:01:03
On Monday, March 16, 2015, Jon Callas <jon(_at_)callas(_dot_)org> wrote:

On Mar 16, 2015, at 7:49 AM, Stephen Paul Weber <
singpolyma(_at_)singpolyma(_dot_)net <javascript:;>> wrote:

In fact, aren't the RSA-E and RSA-S algorithms basically just historical
/ mostly deprecated in favour of marking keys for a particular use?

My impression was that many new implementations use the RSA-S and RSA-E
algorithms for signing keys and encryption subkeys. But -- taking a look at
SKS numbers --algorithm 1 is used quite a lot.

I generally prefer domain separation, but I don't think there's a relevant
security difference *so long as* implementations do not generate a single
RSA key such that its key usage intersects only one of {certify, sign,
authenticate} or {encrypt communications, encrypt bulk}.

(And so, in the eventual I-D, I'll likely make that the requirement. I
would be inclined, in that case, to state that implementations SHOULD
accept any of algorithms 1, 2, 3 for any usage mask valid under the
above criterion.)
openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>