Re: [openpgp] v5 in the crypto-refresh draft

Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> wrote:
    > On Fri 2021-06-04 14:10:36 -0400, Michael Richardson wrote:
    >> > (2) appears to prepare for keys larger than 65536 octets.  This looks
    >> > like post-quantum planning to me, but we are not including any PQ
    >> > schemes in the specification, and it's not clear that this change on
    >> > its own would be sufficient to support such a new scheme (especially
    >> > because there doesn't seem to be any CFRG consensus on what PQ scheme
    >> > to endorse yet).
    >>
    >> Sure, but wouldn't it help a v5 implementation to more intelligently skip
    >> such a thing?  I don't know if we can support multiple signatures with
    >> different algorithms.

    > Would it?  In what context?  The change for (2) has to do with how to
    > structure data fed into a hash algorithm for a certification ("key
    > signature") but isn't anything on the wire.

Assume in the future that we have keys larger than 64K octets.  We are doing
that, not because there has been a quantum event, but because we are preparing 
for it.
We may still not even be sure which PQ scheme is the right one.

(There are multiple keys present, and possibly multiple signatures over both
end-user-data, and over keys)

A v5-capable tool, which does not speak these new formats can still process
the packets.  It could also verify that these large keys are signed by our
legacy algorithms.

--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>   . o O ( IPv6 IøT 
consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp