ianG <iang(_at_)iang(_dot_)org> writes:
Hi Werner,
On 17/09/2015 19:41 pm, Werner Koch wrote:
I'd like to get opinions on one specific aspect of a new fingerprint
format in 4880bis.
In the past we bound the fingerprint format to the key packet version:
v3 keys used MD5 and v4 keys SHA-1 fingerprints. This gained us the
benefit of having a bijective connection between fingerprint and key.
I'm hugely on that side. I'll always vote for that. I even staked my
rep on it :)
http://iang.org/ssl/h1_the_one_true_cipher_suite.html
Which came directly from the experience of hacking PGP & OpenPGP in
Perl/Java as part of Cryptix. The tears, the fears, the costs.
So: the only choice for me is which hash you pick for v5. If you
want another one, start planning for v6.
+1
I believe sub-negotiating in security protocol leads to obscure problems
and makes security evaluation harder. If we can avoid that, and that
appears to be the case, I'm all for it.
Regarding which hash to use, SHA-256 is probably the simplest choice
From a practicallity and consensus point of view. Are there any strong
reasons to favor something else?
What would be the relevant options be anyway? SHA-256, BLAKE2,
SHA3-256, SHA-512, CubeHash? Would there be value in being able to use
variable length SHAKE variants?
/Simon
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp