
Re: [openpgp] Proposed Patch to RFC4880bis to reserve two public key numbers

2016-07-07 09:09:47

On Thu, July 7, 2016 8:43 am, Stephen Farrell wrote:
> On 07/07/16 13:33, Derek Atkins wrote:
>> You brought up a paper showing a weak key/keyset and said there was no
>> response, I pointed out a response.  I wasn't trying to discuss relative
>> merits and agree this is not the place to do so.  But you started it ;)
>
> Well, no - 'twas you guys started proposing AE I think:-)

No, I just asked to reserve some code points.  I suppose I could have
called them "Fred" and "George" if that makes you feel any better?  But
back to the technical side of things:

I chose OpenPGP because I feel it is the better fit for our company use
cases.  I had a lot of pushback at the time about why not use X.509? 
Indeed, looking back X.509 would have certainly been an easier route to
take; we just need an OID (gee, that was easy to acquire) and plug it in
and we're done.  But the arguments against X.509 (data size, code size,
strictness, etc) outweighed what I believed to be the "battle" of
obtaining OpenPGP code points.

Frankly, given the history of OpenPGP I thought it would be pretty easy. 
There's historically been very little pushback -- someone wants to get a
code point for their use, okay, let's give it to them.  This way everyone
else, when they see a message, knows *what* it is (even if they can't
actually decode it).

So yeah, mea culpa for bringing in the AE baggage.  Let's call them Fred
and George and move on?  Or do you have something against the Fred and
George algorithms having code points?  ;-)  Seriously, though, let me ask
you the same question that was posed the other week:  what is the *harm*
in defining these code points in the registry?  There is no harm in
thinking someone might use it unknowingly, because that's technically not
feasible.  There's no harm in someone being able to decipher a packet and
know "oh, this is a Fred packet".  Now, what is the harm of NOT defining
these in the registry?  Well, there is the possibility that down the road
it might get re-defined and used by some other algorithm and now there are
two different things in the wild.  (cf. historical openness of accepting
code point requests).

So let's look at this from a protocol/registry standpoint and not a
cryptographic standpoint, since that's what this request is really about.

Thanks,

-derek
-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp