John W. Moore III
jmoore3rd at bellsouth.net
Wed Jun 25 01:22:50 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Robert J. Hansen wrote:
> People add ciphers to the OpenPGP suite which are not explicitly
> included in the spec. E.g., Camellia right now, or the people who are
> experimenting around with ECDSA, or... etc.
> If it was just "add it to the end", then every experimental OpenPGP
> platform out there would have problems. If S14 (to pick a random unused
> cipher number) is an experimental implementation of RC6, then what
> happens when AES-256.5 (a full 1.414 times stronger than AES256!) gets
> assigned to S14?
> Fine, the experimental group moves up to S15. But all of the traffic
> they've already generated is still marked as S14. That means when they
> try to decrypt their traffic, they'll be decrypting it with AES-256.5
> instead of RC6. Which means decryptions will fail. Which means ugly
> kluges will have to be written to handle this. And... etc., etc.
> It's easier on everyone if it's done OpenPGP's way.
Most Excellent Answer! FWIW; the 'Working Group' is still mulling the
inclusion of OID as part of ECC. Who knows what, if anything, will be
assigned to these identifiers. If One follows the 'David Shaw'
proposals for Camellia algorithm it will be found that the identify
nomenclature changed several times. It still isn't 'final adopted' and
may change again.
I Love the "Hansen/Clizbe" Warning; if Ya follow the /Bleeding Edge/ and
things get broken You 'own' all the pieces!
Timestamp: Tuesday 24 Jun 2008, 19:21 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.5.0-svn4754: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
-----END PGP SIGNATURE-----
More information about the Gnupg-users