[Top] [All Lists]

[openpgp] Hybrid proposal for algorithm identifiers

2015-03-24 11:47:16

* Maintaining algorithm registries takes time and effort
* Modern best practice for algorithms rejects the idea that more algorithms is 
  * The security of the system is determined by the weakest algorithm an 
attacker can persuade you to use,
  * One Mandatory to implement plus a reserve is generally emerging as best

* Support for vanity crypto is an unfortunate necessity.
* ASN.1 OIDs are kind of obnoxious
* Suites don't work
* Most OpenPGP folk would like to use short identifiers

For many years I have wanted a way to move discussion of vanity crypto out of 
the IETF, etc. If we touch a spec, the vendor can pretend that we endorse it.

So what I propose is a two level scheme:

Mandatory and Recommended algorithms are registered in a short identifier 

For everything else there is a reserved 'escape code' that states the algorithm 
is specified by OID. 

OIDs do get a little large sometimes. But they do have the advantage that 
nobody can claim that they have IETF endorsement. That is not true of any 
scheme we could devise ourselves. 

This approach means that there is a real difference between being one of the 
supported algorithms and the recommended algorithm.
openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>