Re: [openpgp] v5 in the crypto-refresh draft
2021-06-05 12:56:12On Fri 2021-06-04 14:10:36 -0400, Michael Richardson wrote:
> (2) appears to prepare for keys larger than 65536 octets. This looks
> like post-quantum planning to me, but we are not including any PQ
> schemes in the specification, and it's not clear that this change on
> its own would be sufficient to support such a new scheme (especially
> because there doesn't seem to be any CFRG consensus on what PQ scheme
> to endorse yet).
Sure, but wouldn't it help a v5 implementation to more intelligently skip
such a thing? I don't know if we can support multiple signatures with
different algorithms.
Would it? In what context? The change for (2) has to do with how to
structure data fed into a hash algorithm for a certification ("key
signature") but isn't anything on the wire.
Honestly, i find (2) the least problematic of the changes listed -- it
doesn't affect the wire format, and it's just a slight change to the
hashing algorithm which already needs a special case for the bytes
hashed (0x99 for v4 vs 0x9a for v5). If the WG decides that the change
in (2) is worth keeping because it just might come in handy for some
as-yet-unspecified scheme, that's a plausible argument to me, but i
don't see how it helps anyone skip over anything. Can you explain more?
--dkg
signature.asc
Description: PGP signature
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
| Previous by Date: | Re: [openpgp] [RFC4880bis PATCH] WIP: bind wire format representations to specific pubkey algorithms, Daniel Kahn Gillmor |
|---|---|
| Next by Date: | Re: [openpgp] v5 in the crypto-refresh draft, Daniel Kahn Gillmor |
| Previous by Thread: | Re: [openpgp] v5 in the crypto-refresh draft, Michael Richardson |
| Next by Thread: | Re: [openpgp] v5 in the crypto-refresh draft, Michael Richardson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |