|
Size: 2141
Comment:
|
Size: 2765
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = dkg's list = | = RFC-4880bis = |
| Line 3: | Line 3: |
| Up to "New MUST algorithms" the topics are from dkg's list. | |
| Line 4: | Line 5: |
| {{{ | == Fingerprints == |
| Line 6: | Line 7: |
| a) update the fingerprint format (avoid inclusion of creation date, use | Update the fingerprint format (avoid inclusion of creation date, use |
| Line 12: | Line 13: |
| b) get rid of keyids entirely -- when referring to a key, use the | == Key IDs == get rid of keyids entirely -- when referring to a key, use the |
| Line 19: | Line 22: |
| c) deprecate MD5, SHA1, and RIPEMD160 | == Hash algo == |
| Line 21: | Line 24: |
| d) clarify that cleartext signatures should all use charset/encoding | deprecate MD5, SHA1, and RIPEMD160 == Cleartext sigs == clarify that cleartext signatures should all use charset/encoding |
| Line 24: | Line 31: |
| e) update S2K with something more modern (PBKDF2, HKDF, scrypt?), | == S2K == update S2K with something more modern (PBKDF2, HKDF, scrypt?), |
| Line 27: | Line 36: |
| f) standardize the two new curves coming out of the CFRG: 25519 and | * Jon Callas suggests the use of PBKDF2. * Peter Gutmann suggests to wait for the outcome of PHC and use that. == Curves == standardize the two new curves coming out of the CFRG: 25519 and |
| Line 31: | Line 46: |
| g) remove compression entirely | == Compression == |
| Line 33: | Line 48: |
| h) clean up the language: clearly distinguish between "public key" and | remove compression entirely == Terminology == clean up the language: clearly distinguish between "public key" and |
| Line 37: | Line 56: |
| i) declare a literal data packet type "m" that means "MIME content" so | == Literal data packet == declare a literal data packet type "m" that means "MIME content" so |
| Line 41: | Line 62: |
| j) deprecate 3DES, IDEA, and as many of the weaker ciphers as we can | == Depcreated 3DES et al. == deprecate 3DES, IDEA, and as many of the weaker ciphers as we can |
| Line 44: | Line 67: |
| k) provide a modern streamable/chunkable AEAD replacement for | == AEAD == provide a modern streamable/chunkable AEAD replacement for |
| Line 47: | Line 72: |
| l) change MTI algorithms: SHA512, the two new ECs, and the new AEAD | == New MUST algorithms == change MTI algorithms: SHA512, the two new ECs, and the new AEAD |
| Line 50: | Line 77: |
| }}} | |
| Line 52: | Line 78: |
| = RFC-3156bis ? = | == New key flags == * A new key flag to support GNS == New notation data == In the past we add a few requests for new IETF namespace notations: * "nick" for GNS * [fixme] = RFC-3156bis = |
RFC-4880bis
Up to "New MUST algorithms" the topics are from dkg's list.
Fingerprints
Update the fingerprint format (avoid inclusion of creation date, use stronger digest algorithm; i'm dubious about embedding algorithm agility in the fingerprint itself, but explicit version info in the fingerprint might be reasonable so we don't have to keep guessing by fpr structure for future versions)
Key IDs
get rid of keyids entirely -- when referring to a key, use the fingerprint where a compact hint is needed (e.g. in a replacement of the issuer subpacket) or the full primary key where it is more sensitive (e.g. in designated revoker). With EC keys, we could consider using the full key (not the full cert) even in the issuer subpacket case, which could make things cleaner.
Hash algo
deprecate MD5, SHA1, and RIPEMD160
Cleartext sigs
clarify that cleartext signatures should all use charset/encoding UTF-8.
S2K
update S2K with something more modern (PBKDF2, HKDF, scrypt?), deprecate all the other mechnanisms explicitly
- Jon Callas suggests the use of PBKDF2.
- Peter Gutmann suggests to wait for the outcome of PHC and use that.
Curves
standardize the two new curves coming out of the CFRG: 25519 and curve448 ("goldilocks") for both signatures and encryption (Werner has already started this process for 25519 signatures)
Compression
remove compression entirely
Terminology
clean up the language: clearly distinguish between "public key" and "certificate", and ensure that the use of the terms "trust" and "validity", if still present, are used unambiguously.
Literal data packet
declare a literal data packet type "m" that means "MIME content" so that we can punt on the rest of the message structure/format/encoding/type craziness to MIME.
Depcreated 3DES et al.
deprecate 3DES, IDEA, and as many of the weaker ciphers as we can get away with.
AEAD
provide a modern streamable/chunkable AEAD replacement for Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets
New MUST algorithms
change MTI algorithms: SHA512, the two new ECs, and the new AEAD mechanism should be the baseline.
New key flags
- A new key flag to support GNS
New notation data
In the past we add a few requests for new IETF namespace notations:
- "nick" for GNS
- [fixme]
RFC-3156bis
- Define application/pgp-message for binary OpenPGP messages
- Define application/pgp-keydata for binary OpenPGP keys
- Remove the micalg parameter