ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] ECC point encoding and "flag byte"

2021-02-27 13:47:58
from [Andrey Jivsov] [Permanent Link] 
I think OpenPGP should adopt
https://tools.ietf.org/html/draft-jivsov-ecc-compact-05. I wish I thought
about this earlier.

This entirely avoid the issue of flag byte, because there is none, makes
all point encodings uniform, and the encoding then is an MPI.

I don't know if this is in the charter...

On Sat, Feb 27, 2021, 9:48 AM Daniel Kahn Gillmor 
<dkg(_at_)fifthhorseman(_dot_)net>
wrote:


Hi folks--

(no hats on, this message is as an implementer, a tester, and a WG
participant)

The ECC point encoding rules introduced in crypto-refresh-02 (taken from
RFC 6637) seem fragile and easy to get wrong, especially as expanded
from the introduction of Curve25519's representation.

I think it would be worthwhile to try to write down the rules for point
encoding clearly and deliberately, and to treat the ECC point
compression "flag byte" as its own registry, rather than throwing it in
as an aside in the appendix.  By asking IANA to register a table of
these "flag bytes", we'll probably help clarify our own thinking about
what belongs in that table (e.g. are there specific things that need to
be known about each flag, how can it be used), and maybe some of the
other tables as well (e.g. in the ECC Curve OIDs table, maybe we want to
refer to the preferred representation for each curve?)

The initial values of the "flag byte" registry should probably just
include 0x04 and 0x40 (the only two directly contemplated by the draft),
and leave speculative uses like 0x41 and 0x42 for later definitions.

The draft suggests that applications should only use special encodings
("conversion formats") if they are not "in doubt that any recipient can
support it", but offers no mechanism for signalling or detecting that
support, which itself is a bit problematic.

I've noted this as https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/21
and i'm willing to try to draft some text to try to address it, but
haven't done so yet.

Please let me know if you think this seems off-base.

       --dkg
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt], Daniel Kahn Gillmor
Next by Date:  [openpgp] v5 fingerprints in ECDH, brian m. carlson
Previous by Thread:  [openpgp] ECC point encoding and "flag byte", Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]