Hi list,
For RFC4880bis[0] in section 14.2. {13.2.} it's planned to stick with
TripleDES as least common denominator preference for a symmetric
algorithm. I suggest to switch to AES128, AES192 or even AES256 as least
common denominator preference.
These are my thoughts:
* AES is a good and more modern alternative to TripleDES
* AES has wide HW support (better performance)
* This RFC shall last for a couple of years, a reasonable algorithm
and key length should be defined
I'm aware of Werner Kochs suggestion for deprecate legacy hash
algorithms[1]. In the current RFC4880bis[0] section 14.3.2 {13.3.2}
still mentions SHA1 as a MUST-implementation as well as an default
hashing preference. I suggest to deprecate SHA1 and remove it as a
default preference and switch to SHA256 or even SHA512.
These are my thoughts:
* SHA1 is broken
* This RFC shall last for a couple of years, a reasonable algorithm
should be defined
I also broached this topic at the GnuPG mailing list[2].
Best regards,
Pascal
[0] https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-01
[1] https://www.ietf.org/mail-archive/web/openpgp/current/msg08807.html
[2] https://lists.gnupg.org/pipermail/gnupg-users/2017-March/057882.html
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp