Den Mon, 01 Jun 2015 09:52:18 -0400
skrev Re: Proposed WG charter:
On Mon 2015-06-01 08:18:23 -0400, Simon Josefsson wrote:
Good starting point. It looks rather open ended when it comes to
the actual issues with RFC 4880 though. Can you mention at least
five top-priority issues in RFC 4880 that needs to be adressed?
This would tighten the scope a bit, without limiting ability to
adress other issues.
I think it would only tighten the scope if we *did* prohibit
addressing any un-mentioned issues, and i'd rather not commit to
something with that kind of wording.
I agree. I suppose this is up to the ADs though.
OTOH, having some explicit targets listed here (without limiting the
work to those targets) would help the group to make sure that 4880bis
did cover the relevant ground.
Yes.
Simon, if you had to list items that you thought were "must-haves",
which would they be?
I don't know. That is the primary reason for asking the charter to
include a list, to give me and others a sense of direction. The
charter proposal is written in a broad way now, which can be
counter-productive (it leads to meta-discussions).
Some highlights I'd go for (needs wordsmithing, just brainstorming
here, and not in any particular order):
* inclusion of the CFRG elliptic curves
Yes. I would mention Curve25519 and Ed25519 directly, or keep it
general and say "new elliptic curve key agreement and digital
signatures" instead.
There appears to be interest in Curve25519/EdDSA algorithms from people
on this list, and I haven't seen interest in any other algorithms.
Referring to CFRG explicitly is problematic because of timeline and
authority reasons. The CFRG hasn't published anything or made
any decisions, so referring to CFRG seems unnecessarily
limiting in when we can publish. Regarding authority: the CFRG can
make general recommendations, and I'm sure reasonable arguments will be
listened to, but I believe the decision on which algorithms are useful
for OpenPGP is one that belongs here and not in the CFRG.
* proper AEAD symmetric crypto
Sure. Is there any proposals on the table?
* updated mandatory-to-implement algorithms
Makes sense.
* updated fingerprints
No idea.
I'm not sure they need to be in the charter, but if there's a general
sense from the group that they should be, and a prompt proposal for
the language change, i have no objection to including them.
I suggest to mention everything you can think of that there is no
controversy over.
I recall improvements to PGP/MIME was discussed?
There is also my old OpenPGP mail/news header proposal [1], but I'm not
sure there is energy for it. I have also started to think that it ended
up being too complex for its own good.
/Simon
[1] https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07
pgpu0Yb3Pd3dc.pgp
Description: OpenPGP digital signatur
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp