Hello,
Around the time the OpenPGP WG was re-chartered in 2015, one of
the changes considered for the RFC4880bis was to update the list
of "string-to-key" (S2K) specifiers by adding “something more
modern” [1] such as PBKDF2 or the winner of the (at the time
unfinished) PHC competition.
Nils Durner proposed a patch reserving the S2K type 4 for Argon2i
and describing its use [2]. This patch has not made it to the
current draft but I don’t recall seeing the proposal explicitly
rejected. On the contrary, at the times it seems to have
generated a genuine interest.
I personally have no strong opinion as to whether new S2K
specifiers should be added to RFC4880bis. But since there was a
proposal to add Argon2i, I would like to be sure that if that
algorithm does not make it to the final draft, it is because
there was no consensus to include it (or because there was a
consensus *against* its inclusion), and not simply because the
proposal was overlooked.
So:
* Is there any interest for a “more modern” S2K, or is the
Iterated+Salted S2K still considered fine enough for RFC4880bis?
* If we want a more modern S2K, then is Argon2i the right choice?
* If we want Argon2i, is there any issue with Nils Durner’s
proposal?
As I recall, the only issue that was raised at the time was the
fact that Argon2i was not described in a RFC. There is now a
draft for it [3], so I don’t think this is an issue anymore.
Cheers,
- Damien
[1] https://mailarchive.ietf.org/arch/msg/openpgp/ll36RGS81vXSXkVey0cR0zZ7WkI
[2] https://mailarchive.ietf.org/arch/msg/openpgp/IORjkQR17EURj9HQaKCqoQ2TKkI
[3] https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp