ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[openpgp] Summary of WG status

2017-07-12 17:39:12
from [brian m. carlson] [Permanent Link] 
Our charter includes several goals that we should accomplish.  I'm going
to summarize where we are with each of them so we can see where we need
to make progress.

If you're going to respond to one or more of these, please respond to
each one in a separate thread so that we can have a logical set of
discussions.

CFRG Curves
-----------

We've included EdDSA with Curve25519.  I'd suggest including Curve448 as
an additional option for EdDSA.  That might necessitate including
SHAKE256 limited to this purpose only.

Curve25519 is defined for ECDH.  We probably also want to consider
Curve448.  The work needed for this purpose is probably limited to
including OIDs for the curve.

AEAD Algorithms
---------------

I've submitted a proposal to use EAX for data packets, and I'll be
sending out a new draft incorporating Werner's suggestions soon.  I'd
like additional feedback on if participants think this is a useful
direction.

We probably also want to consider SKESK and secret key packets.

Must-Implement Algorithms
-------------------------

We've specified SHA2-256 as the MTI hash algorithm.  This seems
uncontroversial.

3DES is still the must-implement encryption algorithm.  AES128 seems
like the logical choice here, since it's already MTI because of ECDH.

I suggest that we make the AEAD mode, whatever we pick, mandatory as
well.

Remember here that these are the obligatory options.  Most
implementations will (and already do) implement far more algorithms, so
this is just a baseline for interoperability.

Fingerprint Mechanism
---------------------

This seems to be the most controversial.  Werner has a proposal which
garnered a lot of discussion.  While it's not everything I want, I'm
happy enough with it to accept it and move forward as a goal of getting
us to done.

If there are concrete counterproposals, I suggest including sufficient
wording that can be discussed and potentially included into the
document.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>, Vincent Breitmoser
Next by Date:  Re: [openpgp] Summary of WG status, Werner Koch
Previous by Thread:  Re: [openpgp] AEAD encrypted data packet with EAX, brian m. carlson
Next by Thread:  Re: [openpgp] Summary of WG status, Werner Koch
Indexes:  [Date] [Thread] [Top] [All Lists]