SHA3 IANA registration - method?
David Shaw
dshaw at jabberwocky.com
Wed Dec 12 17:04:57 CET 2012
On Dec 12, 2012, at 5:46 AM, Phil Pennock <gnupg-devel at spodhuis.org> wrote:
> Sorry for asking here, but mail to <ietf-openpgp-request at imc.org> is
> bouncing, so it looks as though the ietf-openpgp list is now completely
> dead. The only IETF forum I can spot is the concluded openpgp WG:
> http://www.ietf.org/wg/concluded/openpgp.html
The IETF OpenPGP WG completed their work, so that list was closed. There is another list, however, for ongoing discussions: https://www.ietf.org/mailman/listinfo/openpgp. That would be the appropriate place to discuss adding SHA-3 support to OpenPGP.
> So: what's the best mechanism for registering a "Hash Algorithms" entry
> in http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xml for
> SHA-3 ? RFC without implementation or implementation based on PRIVATE
> USE code-points and then RFC?
It's pretty simple to propose a new algorithm for OpenPGP: discuss it on the OpenPGP list, and then write and submit an RFC. The RFC is mainly boilerplate that says "This extends OpenPGP, here's a new hash algorithm, it's specified in such-and-such document, and its algorithm number is XXX. All the usual statements about hash algorithms from RFC-4880 apply here as well." IANA changes XXX to the algorithm number on publication. Take a look at the one I did for Camellia (http://tools.ietf.org/html/rfc5581) and feel free to steal any or all of it.
> I'm guessing that a working implementation using a PRIVATE USE
> code-point, per RFC4880 section 13.10, is a decent way to go? Or is PGP
> one of the protocols where folks have settled on avoiding private use
> fields because of the difficulty in migrating away from them?
The private algorithm numbers are useful for internal use and testing, but I would not ship code that uses them, except for interop testing and similar. Otherwise, the private algorithm number effectively becomes public, and implementers need to support the real number and the temporary private number for a long time, if not indefinitely.
David
More information about the Gnupg-devel
mailing list