On Mon, Dec 7, 2015 at 12:38 PM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
Hiya,
On 07/12/15 16:44, Phillip Hallam-Baker wrote:
> On Mon, Dec 7, 2015 at 6:30 AM, Stephen Farrell <stephen.farrell@xxxxxxxxx>
> wrote:
>
CMS is in scope and noted as such. If more drafts are needed though
then folks would need to write those soonish, assuming we end up with
consensus for a short-lived WG.
Fair enough. I just want to make sure that this is inclusive.
One other related question is XML Encryption. given that all that is needed to define code points in XML Encryption is to generate a URL, I suggest that there be some sort of statement in the charter that allows that to happen, whether through a liaison with W3C or just doing it.
> I would like us to have a common format for presenting fingerprints of keys
> across applications and at minimum use that for both SSH and OpenPGP.
I would also like that but a) I don't think it's for curdle and b) while
it'd be good, we (IETF) never seem to quite manage to avoid doing those
in protocol-specific ways.
How about if I write up my UDF proposal as an independent submission or AD sponsored draft or whatever and at least we can say that we tried.
The reason I don't think it fits curdle is that it's not only a
crypto algorithm - the hash input is the real issue there and that's
not in scope as far as I can see.
In UDF I push that off to the MIME types registry. Whatever you want to hash, you define a MIME type for it.
> I can't see much chance CURDLE comes up with consensus for a set of
> algorithms that isn't acceptable to TLS. If that happened the WG has
> failed. So the TLS chairs might as well consider CURDLE to be a way to take
> default algorithm choices off their plate.
Sure, if the TLS folks wanted the work to happen in the curdle WG
that'd be no problem. I don't believe that is actually the case
though, at least for TLS codepoints. (The PKI stuff needed for TLS
does fit curdle for sure.)
TLS can certainly decide which of the 50+ possible permutations of the algorithms that they want to identify suites for.