ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Fingerprints

2015-04-10 16:37:30
from [Christoph Anton Mitterer] [Permanent Link] 
On Fri, 2015-04-10 at 15:57 +0200, Werner Koch wrote: 

There is no need to have an algorithm field, a version field is
sufficient because we should only be using one algorithm at a given

Right.

Why? Isn't that exactly what the past has taught us? That using one
fixed fingerprint algo leads into all kinds of troubles?
And not just from the engineering side (i.e. that applications simply
take it for granted that the data will be SHA1, e.g. when parsing output
of programs).
Looking at other areas (e.g. SSH) tendency seems to be rather to support
multiple fingerprint algos, and people can chose what they want.

And from the crypto side, we also see how bad it was/is, to have fixed
algos,... first with MD5 now with SHA1.
It's simply naive to believe that current or future algos won't meet the
same fate ultimately.



It is often useful to have a keyid to quickly (but insecure) refer to a
key.

And it caused also issues, when people *did* assume they'd be secure.



I think that should be discussed in the context of the new default hash
algorithm.

SHA2 and Keccak?


Cheers.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] it's option 2 (was: Re: ways forward wrt IETF wg - please try answer by Apr 8th), Daniel Kahn Gillmor
Next by Date:  Re: [openpgp] details of 4880bis work, Christoph Anton Mitterer
Previous by Thread:  Re: [openpgp] Fingerprints, Phillip Hallam-Baker
Next by Thread:  Re: [openpgp] Fingerprints, Werner Koch
Indexes:  [Date] [Thread] [Top] [All Lists]