ietf-openpgp

Re: [openpgp] Proposed WG charter

2015-06-01 14:33:18
Werner,

On Mon, June 1, 2015 3:19 pm, Werner Koch wrote:
> On Mon,  1 Jun 2015 19:40, dkg(_at_)fifthhorseman(_dot_)net said:
>
>> I think i'm still not convinced by this -- can you give an example of
>> what kind of confusion you're hoping to avoid?
>
> Alice reads her 40 hex digit fingerprints on the phone using oldtool;
> Bob compares it using his newtool, which shows a different fingerprint.
> Both don't know anything about fingerprint details but have been advised
> to compare them character by character.  Their conclusion will be that
> this is not the right key.

Well, most likely the new fingerprint will not be 40 hex digits, it would
be a different length.  So oldtool and newtool would have different
lengths and, as a result, they would (hopefully) know they were looking at
different values.

That doesn't necessarily help them figure out how to get newtool to output
something that oldtool can verify.

>> I think the main difference you're offering with a v5 format is the
>> ability to explicitly disavow the 4880 MTI algorithms.  Is that right?
>
> Yes.  So that we won't need to support all old algorithms till 2106.
>
> BTW, why do you and some others use the term MTI?  That term seems to
> mean mandatory-to-implement and comes from Jabber, to me this sounds
> very much like MUST (cf. RFC-2119).

The term MTI (Mandatory to Implement) is used to differentiate it from MTU
(Mandatory to Use).  I.e., an MTI algorithm is one that you're guaranteed
to be ABLE to use, but there is no requirement that you actually DO use
it.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant
