Hi.
Previously I had passed along two comments on the openpgp
spec to the chair:
* Concerns about the MDC
* A desire for an IANA section.
I'm evaluating the response to my concerns about the MDC.
It's
definitely true that I did not think through the use of the
MDC in
detail, although even after doing so, I'm still
uncomfortable.
I'm trying to talk to other security experts and get a
second opinion; expect to hear back from me on this issue
within a few days.
I'm working the IANA issue with the chair.
I have two minor comments about the security considerations
section;
these comments will round out my review of the spec.
1) random oracle is used instead of oracle every time the
word oracle
is used. An oracle is a construct with special
computational
ability (access to a key, access to extra storage,
ability to
perform long-running operations in one time step) that
is useful
in analysis of computability, complexity or security
constructions. A random oracle is an oracle that has a
random
function in it and exposes this function.
2) RFC 1750 is obseleted. Please update to 4086.
thanks much,
--Sam
|