On 2021-02-28 at 23:09 +0100, Ángel wrote:
I would suggest a didactic approach, something like
Simple S2K and Salted S2K specifiers are not particularly secure
when used with a low-entropy secret, such as those typically provided
by users, and implementations SHOULD avoid using these methods on
encryption of both keys and messages.
Best regards
As there were no further opinions, I have proposed this on
https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/42
Note: I'm purposefully not adding anything to the Security section.
That section is currently a chaotic mixture. I think it would be best
to keep local issues at their corresponding section (maybe even
creating security subsections) and leave §15 for general ones. By its
own nature, this spec will have many security-related points, and we
can't expect to repeat everything there.
In any case, imho we should organize it first, stripping it as much as
possible. It can be discussed later if some points really need to come
back.
Best regards
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
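
Added example (not part of the message above or of the draft text): a sketch of the three RFC 4880 S2K types, showing that Simple and Salted S2K cost one short hash per passphrase guess while Iterated and Salted S2K hashes `count` octets per guess. The function names, the choice of SHA-256 and the sample passphrase and salt are assumptions made for illustration.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count of RFC 4880, section 3.7.1.3."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k(kind, passphrase, key_len, salt=b"", coded_count=0, hash_name="sha256"):
    """Derive key_len octets with S2K type 0 (Simple), 1 (Salted) or
    3 (Iterated and Salted). Returns (key, octets hashed per hash context)."""
    if kind == 0:
        data = passphrase
    elif kind in (1, 3):
        if len(salt) != 8:
            raise ValueError("S2K salt is exactly 8 octets")
        data = salt + passphrase
    else:
        raise ValueError("unsupported S2K type")
    # Types 0 and 1 hash the input once; type 3 repeats salt+passphrase until
    # `count` octets are hashed (always at least one full copy).
    total = max(decode_count(coded_count), len(data)) if kind == 3 else len(data)
    full, rest = divmod(total, len(data) or 1)
    key, ctx = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)      # extra contexts are preloaded with zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        ctx += 1
    return key[:key_len], total

if __name__ == "__main__":
    pw = b"correct horse"            # constructed low-entropy secret
    salt = bytes(range(8))           # constructed salt, fixed for repeatability
    for name, kind, c in (("simple", 0, 0), ("salted", 1, 0),
                          ("iterated+salted", 3, 96), ("iterated+salted", 3, 255)):
        key, work = s2k(kind, pw, 16, salt, c)
        print(f"{name:16} octets hashed per guess: {work:>9}  key: {key.hex()}")
```

The salt in type 1 only prevents reuse of precomputed tables across messages; the per-guess cost stays the same as type 0, which is why both are singled out in the proposed wording.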