[Standards-JIG] The Great Encryption Debate
justin-keyword-jabber.093179 at affinix.com
Wed Aug 3 02:12:10 UTC 2005
On Tuesday 02 August 2005 05:01 pm, Ian Paterson wrote:
> > 2) section 9.5 makes no mention of MAC algorithms
> JEP-0116 standardises on HMAC. The associated hash algorithm is
> negotiated instead (since the hash needs to be negotiated anyway).
I think it would still be worth mentioning that HMAC is a necessary algorithm
in section 9.5. It's nice to have a checklist of all the necessary
algorithms before you begin coding so there are less surprises. I found the
list in xmlenc to be very handy when developing.
On that note, you should probably list Diffie-Hellman as well.
> I think we should include the SSH formats, if only because they are far
> less complex than Generic/Base64-ASN.1's X.509 DER-encoded
> SubjectPublicKeyInfo object (see RFC 1422).
Yes, that's probably it. As far as I know, all crypto libraries can read the
subjectPublicKeyInfo format, but only ssh can read the ssh formats.
Since everyone can parse the standard format and not necessarily the ssh
format, keeping the ssh format as a MUST creates unnecessary burden for the
majority of developers. Is there a reason you need the ssh format? What
crypto lib are you using? At the very least I suggest making
subjectPublicKeyInfo the MUST and changing ssh format to SHOULD.
More information about the Standards