cipher ID's

John W. Moore III jmoore3rd at bellsouth.net
Wed Jun 25 01:22:50 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:

> People add ciphers to the OpenPGP suite which are not explicitly
> included in the spec.  E.g., Camellia right now, or the people who are
> experimenting around with ECDSA, or... etc.
> 
> If it was just "add it to the end", then every experimental OpenPGP
> platform out there would have problems.  If S14 (to pick a random unused
> cipher number) is an experimental implementation of RC6, then what
> happens when AES-256.5 (a full 1.414 times stronger than AES256!) gets
> assigned to S14?
> 
> Fine, the experimental group moves up to S15.  But all of the traffic
> they've already generated is still marked as S14.  That means when they
> try to decrypt their traffic, they'll be decrypting it with AES-256.5
> instead of RC6.  Which means decryptions will fail.  Which means ugly
> kluges will have to be written to handle this.  And... etc., etc.
> 
> It's easier on everyone if it's done OpenPGP's way.

Most Excellent Answer!  FWIW; the 'Working Group' is still mulling the
inclusion of OID as part of ECC.  Who knows what, if anything, will be
assigned to these identifiers.  If One follows the 'David Shaw'
proposals for Camellia algorithm it will be found that the identify
nomenclature changed several times.  It still isn't 'final adopted' and
may change again.

I Love the "Hansen/Clizbe" Warning; if Ya follow the /Bleeding Edge/ and
things get broken You 'own' all the pieces!

JOHN ;)
Timestamp: Tuesday 24 Jun 2008, 19:21  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.5.0-svn4754: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIYYHIAAoJEBCGy9eAtCsPVisIAIonv1JwEKeQVp6gtdP8HyoY
WFLzTPvQCMdLbuAyen66xSbnLYsLKx70CjY/l6Ku9xpyIvXv5HNeUU80l8AbGAFM
fhLjOldLQWrAgaBcC0HNa4DIJUTirKYRZy1iRYxF+Q45d7QICd1S7/hC1Zm+xMqs
haJKrvh0KGg7x9braUKuItMzIs8Gv5FvF0g1CrYD217noRKj9b9ew9y0RuAweXNw
XrbZAfQmxniXRME+TL7GGn75sxq1p8HqgvkSNM4X/8eH/F2UF5R4XoODhrhK44mR
V5BMPc4qWTtRVlaRR6cvAcZC4rXoNivjfHKJ0RHNicZTU5ScO/TSO+Nip20ObN8=
=Nadv
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list