[Standards-JIG] The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Aug 3 02:12:10 UTC 2005


On Tuesday 02 August 2005 05:01 pm, Ian Paterson wrote:
> >  2) section 9.5 makes no mention of MAC algorithms
>
> JEP-0116 standardises on HMAC. The associated hash algorithm is
> negotiated instead (since the hash needs to be negotiated anyway).

I think it would still be worth mentioning that HMAC is a necessary algorithm 
in section 9.5.  It's nice to have a checklist of all the necessary 
algorithms before you begin coding so there are less surprises.  I found the 
list in xmlenc to be very handy when developing.

On that note, you should probably list Diffie-Hellman as well.

> I think we should include the SSH formats, if only because they are far
> less complex than Generic/Base64-ASN.1's X.509 DER-encoded
> SubjectPublicKeyInfo object (see RFC 1422).

Yes, that's probably it.  As far as I know, all crypto libraries can read the 
subjectPublicKeyInfo format, but only ssh can read the ssh formats.

Since everyone can parse the standard format and not necessarily the ssh 
format, keeping the ssh format as a MUST creates unnecessary burden for the 
majority of developers.  Is there a reason you need the ssh format?  What 
crypto lib are you using?  At the very least I suggest making 
subjectPublicKeyInfo the MUST and changing ssh format to SHOULD.

-Justin



More information about the Standards mailing list