[openpgp] Regulation of algo deprecation

2015-11-03 16:14:29
Hi,

I would like to elaborate on why I feel that algorithm deprecation
should also be guided by regulations. For Germany, the algorithm catalog
for Electronic Signatures[0], issued by the Federal Network Agency,
dictates that SHA-1 and RIPEMD-160, respectively, are suitable only for
verification of qualified certificates until the end of 2015.

I feel that implementations should help users use crypto correctly - and
incorrect use also includes use of methods deemed insufficient by law,
IMO. IANAL, but repudiability based on algorithm choice should be
prevented against. Concrete example: a particular mail sent by Alice is
not considered legally binding because Bob failed to realize that the
algorithms used by Alice had already expired by regulation at the time
she sent the mail. In order not to burden implementers with such
considerations, I feel we should reflect this in the RFC already -
perhaps as RECOMMENDATIONs so that implementations may still provide a
--force parameter for anyone who exactly knows what they are doing or
just doesn't follow the legal canon (if there is one, I think this would
need some further research).

Responding to Werner's concern that, following this line of thought,
only Brainpool curves could be used: I don't see why. The 2014 version
of aforementioned catalog[0], as well as the 2015 draft (dated
28.10.2014), merely recommend Brainpool, but don't require it. For the
US, NIST naturally recommends NIST curves[2], but I don't see a
restriction to just P-384 there either. At any rate, I would just make
it RECOMMENDATIONs, not MUSTs - except for cases like MD5 where there is
general consensus for other, actually technical, reasons.


What do others think?


Regards,

Nils

[0]
https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Sachgebiete/QES/Veroeffentlichungen/Algorithmen/2014Algorithmenkatalog.pdf
[1] https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
