Excellent start!
On 31/10/2015 08:50 am, Bryan Ford wrote:
> Title: Modernizing the OpenPGP Message Format
> URL: https://datatracker.ietf.org/doc/draft-ford-openpgp-format/
> Abstract:
> This draft proposes and solicits discussion on methods of modernizing
> OpenPGP's encrypted message format to support more state-of-the-art
> authenticated encryption schemes, and optionally to protect format
> metadata as well as data via metadata encryption and judicious
> padding.

I object to the use of the word "identity" in the text. Wrong layer.
I'd suggest either integrity or authentication?
I like the absolute separation of the AEAD Protected Data packet -
makes it easier to squash all the old stuff.
"additional data" == 0. I'm fine with that.
nonce as 0 for non-reuse - disagree. I would strongly prefer the nonce
to always be there and always be randomly generated by requirement,
because we can't trust the rest of the software. Multiple, redundant
protections are great when they are free. Which they are in this case.
Nonce to be always present, big and random, and the secret key should
not be re-used.
2.2 looks great! Never heard of MonkeyDunkey but happy to endorse it
sight unseen ;-)

> It covers two topics, the first being the AEAD evolution, the second
> being a somewhat more ambitious idea to provide better metadata
> protection and anonymization properties at the "outer-wrapper" level;
> see the draft for (some more, still sketchy) details.

2.3 also good, I'm very keen on that. The "bucket expansion" scheme is
likely to signal which tool was used, unless we can convince other
packages to do that (pretty unlikely).
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp