From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 10A1E138334 for ; Wed, 4 Jul 2018 08:42:56 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 48C99E0995; Wed, 4 Jul 2018 08:42:49 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C8061E0984 for ; Wed, 4 Jul 2018 08:42:48 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id E7B7D335C7F; Wed, 4 Jul 2018 08:42:45 +0000 (UTC) Message-ID: <1530693762.914.30.camel@gentoo.org> Subject: Re: [gentoo-dev] [PATCH 5/4] glep-0063: Allow ECC keys From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: robbat2@gentoo.org Date: Wed, 04 Jul 2018 10:42:42 +0200 In-Reply-To: References: <20180703132957.29200-1-mgorny@gentoo.org> <20180704072254.3643-1-mgorny@gentoo.org> <751a88c0-e367-4394-825e-baba66c95fb6@gentoo.org> <1530690857.914.18.camel@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-F/Vcqc8fO/qXUw9CMNFO" X-Mailer: Evolution 3.24.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Archives-Salt: b757eb77-65bd-46f6-82af-5f9d10d703bb X-Archives-Hash: da9887dc3c909da153a8b391065ffb8e --=-F/Vcqc8fO/qXUw9CMNFO Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable W dniu =C5=9Bro, 04.07.2018 o godzinie 10=E2=88=B601=E2=80=89+0200, u=C5=BC= ytkownik Kristian Fiskerstrand napisa=C5=82: > On 07/04/2018 09:54 AM, Micha=C5=82 G=C3=B3rny wrote: > > > We also keep gnupg 1.4 in tree that does not, and will not, support e= cc. > >=20 > > Well, we have developers using ECC (Curve 25519, to be specific). > > I don't really know enough about this to judge but we either need to > > allow at least this, or convince those devs to change to RSA. >=20 > incidentally curve25519 is the one I'm thinking of that isn't > standardized, although it is part of current draft version of rfc4880bis > (but WG is stalled so no update expected any time soon there). > NIST/brainpool are included in RFC6637, but we wouldn't want to accept > them for various reasons. >=20 > There are good reasons these are not provided in the regular interface > of gnupg, but requires --expert >=20 To be honest, I have mixed feelings here. While I agree interoperability is a problem in general, I'm not sure if it's really a problem this large. I agree that we shouldn't recommend ECC but should we ban it entirely? Things to note: 1. I suppose the ECC/cv25519 packets won't change in incompatible manner at this point. 2. Hardware incompatibility issues are not really relevant to us but to the person using the key. 3. Developer keys are mostly for internal use, while the majority of users verify only the infra signatures, so I don't think we have to be that concerned about interoperability of the algos, provided that it works for infra purposes. --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-F/Vcqc8fO/qXUw9CMNFO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEbbsHzE8NrQbqCv5BsHoa6u+0Rk4FAls8iIJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZE QkIwN0NDNEYwREFEMDZFQTBBRkU0MUIwN0ExQUVBRUZCNDQ2NEUACgkQsHoa6u+0 Rk6d4hAAzSSGYsTlqSapGCQwG2gDXPNUgZb6IIuZkCrzwT5A4Jgv8i9UsPkWuokk Emj1pj98ZA9WpEOg23WxYc8/eIVhhs/ZRj7tFiZqR66jLf6VP+WsQaBW3YcYPZB2 Wwl8pzpBTEp5ViE8MbufXPrMv9WVEFATYNczzVv1iJPmlP5YX/vBDWPN3AwkSYIT ze2SczttrNDCwRYnYO3DcwPzjp3DVv0h3iRr62C2GwRzB6/ZxPP5xZwsZqy6tZ2D 4oRPSW8gKstoqubKi6OU4vwn5TVA04s9jl3RxOct0s35wcErpJV5X2IWJGx+4sG6 vXXbvAAQckn7f9gOn0n7Jhfm0yILQPWXR/zWaCAmUm0A/5ZX00xTntK0x2rs+ikZ k4R7rdt/OVjRVlZM0HLsFfVU3tPg7X2GuqF8eX4ul1DPG1flOtONv/s0+DHeWrRC 7LBFx3i4EaZ8NfWTDttfhvzbIWusqtVjhBm6cpmuj57Q8htT7l24XrpXVTTcvYPk kyjp45Nr3SMTTHAlCQ+k7jC8DwSyHvkXVpRmMbUxMjw7tAKjNC5Pa6GhBR9uelCj BlkXLIlSart0Dmb6IxPAW8gWOkgRFE1GmSJwVnhFQy2ZqC6BXsgcIHyCfTjWtfBd lixFpay6GhZAiXYGmmpFgMOOvkcayc4n0+tk2QVbdaSUuxg6wmI= =fk/r -----END PGP SIGNATURE----- --=-F/Vcqc8fO/qXUw9CMNFO--