ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)

2015-12-07 14:53:42
from [Phillip Hallam-Baker] [Permanent Link] 
On Mon, Dec 7, 2015 at 12:38 PM, Stephen Farrell 
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
wrote:



Hiya,

On 07/12/15 16:44, Phillip Hallam-Baker wrote:

On Mon, Dec 7, 2015 at 6:30 AM, Stephen Farrell <

stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>

wrote:




CMS is in scope and noted as such. If more drafts are needed though
then folks would need to write those soonish, assuming we end up with
consensus for a short-lived WG.




Fair enough. I just want to make sure that this is inclusive.

One other related question is XML Encryption. given that all that is needed
to define code points in XML Encryption is to generate a URL, I suggest
that there be some sort of statement in the charter that allows that to
happen, whether through a liaison with W3C or just doing it.




I would like us to have a common format for presenting fingerprints of

keys

across applications and at minimum use that for both SSH and OpenPGP.


I would also like that but a) I don't think it's for curdle and b) while
it'd be good, we (IETF) never seem to quite manage to avoid doing those
in protocol-specific ways.



How about if I write up my UDF proposal as an independent submission or AD
sponsored draft or whatever and at least we can say that we tried.




The reason I don't think it fits curdle is that it's not only a
crypto algorithm - the hash input is the real issue there and that's
not in scope as far as I can see.



In UDF I push that off to the MIME types registry. Whatever you want to
hash, you define a MIME type for it.



I can't see much chance CURDLE comes up with consensus for a set of

algorithms that isn't acceptable to TLS. If that happened the WG has
failed. So the TLS chairs might as well consider CURDLE to be a way to

take

default algorithm choices off their plate.


Sure, if the TLS folks wanted the work to happen in the curdle WG
that'd be no problem. I don't believe that is actually the case
though, at least for TLS codepoints. (The PKI stuff needed for TLS
does fit curdle for sure.)



TLS can certainly decide which of the 50+ possible permutations of the
algorithms that they want to identify suites for.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Request for further input - ART area, Scott O. Bradner
Next by Date:  Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle), Donald Eastlake
Previous by Thread:  Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle), Stephen Farrell
Next by Thread:  Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle), Donald Eastlake
Indexes:  [Date] [Thread] [Top] [All Lists]