On Tue, 02 Apr 2019 03:46:43 +0200,
vedaal(_at_)nym(_dot_)hush(_dot_)com wrote:
On 4/1/2019 at 12:03 AM, "Daniel Kahn Gillmor"
<dkg(_at_)fifthhorseman(_dot_)net> wrote:
On Sun 2019-03-31 13:10:24 +0100, Damien Goutte-Gattat wrote:
* Is there any interest for a “more modern” S2K, or is the
Iterated+Salted S2K still considered fine enough for
RFC4880bis?
I think having argon2i included in rfc4880bis would be concretely
useful; iterated+salted hasn't been the best practice for S2K for
well
over a decade.
The main argument i can imagine against it is if no OpenPGP
implementation has any plans or desire to implement it, or if
there are
specific objections related to IPR.
=====
Will the new S2K be only for the V5 key format?
Or will it also be used for Conventionally Encrypted messages?
If it will be used for Conventionally Encrypted messages too, then there can
be backward incompatibility issues,
as well as intercompatibility issues with different implementations.
(I still think it's a good idea, but may be a really lot of extra work, so
maybe only for V5 keys now).
s2k is also used for SK-ESKs (symmetric-key encrypted session keys)
[1]. When using SK-ESKs, we may not have a key as a reference point.
That is, it doesn't make sense to add a restriction of the form: only
use argon with v5 keys, as there may not be any keys when we want to
use argon!
I agree with Jon that the implementations can figure out when to phase
it in. That's at least something that we have experience with.
[1] https://tools.ietf.org/html/rfc4880#section-5.3
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp