On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
The people behind OpenPGP are working on a new OpenPGP proposal that
will use a stronger, better hash algorithm.
Have workings on an 4880 successor already started?
No, at this point things are mainly being proposed as *additions* to
4880. The first of these to reach completion is RFC-5581, which added
the Camellia cipher to OpenPGP (it's in 1.4.10, incidentally, but you
need to opt-in by adding it to your key prefs before it will be
used). Another addition would be ECC support, or the SHA-1 free key
format.
Perhaps some of you (David?) remember the discussion that took place
here and on the WG list some time ago about things like:
- how criticality and critical bit could be handled much stricter
- potential problems that arise because conforming implementation are
only recommended to ignore signatures of an older time (especially
self-sigs).
- some other places where OpenPGP could (and for security reasons
perhaps should) be more strict and demanding to (conforming)
implementations
- Ideas for much broader use of attributes (different types of names,
birth-dates, -places, sex, etc. etc.)
So I wonder who's doing the (main) work for the writing this time? And
is there perhaps a wiki or so, where one could collect such
suggestions?
The place for all such suggestions is the IETF OpenPGP working group:
http://www.imc.org/ietf-openpgp/
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
