On 4/2/2019 at 2:15 AM, "Neal H. Walfield" <neal(_at_)walfield(_dot_)org> wrote:
s2k is also used for SK-ESKs (symmetric-key encrypted session keys)
[1]. When using SK-ESKs, we may not have a key as a reference
point.
That is, it doesn't make sense to add a restriction of the form:
only
use argon with v5 keys, as there may not be any keys when we want
to
use argon!
I agree with Jon that the implementations can figure out when to
phase
it in. That's at least something that we have experience with.
[1] https://tools.ietf.org/html/rfc4880#section-5.3
=====
The issue is, that if it is not expressly implemented otherwise, the S2K used
for the V4 or V5 key private key,
will be the one that automatically defaults to the S2K for SK-ESK
(reasonable behavior, actually:
The most important security choice for the user is how to protect the user's
private key,
and presumably the user would like to give ESK's the same protection. This is
also why the symmetric encryption algorithm choice for the private key, becomes
the default algorithm for the ESK).
Current Implementations already do this by default,
and implementers need to be aware to actively 'undo' it once the new S2K is
adopted.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp