Re: [openpgp] Intent to deprecate: Insecure primitives

[Falcon Darkstar Momot <falcon@iridiumlinux.org>]

I'm not sure this approach scales.

More importantly, I'm not sure it's common practice.  The IETF is at its
best when it is codifying existing practice to promote interop, not when
it's trying to radically change practice with fairly onerous new
recommendations.

Perhaps if anyone desires to modify practice, they should start by
promoting their new approach so that multiple software platforms and the
reference implementation support it.  Perhaps modifications to
open-source mail clients to support a distinction between "wire format"
and "data at rest" and an encryption rollover format would be useful.

On 16/03/2015 10:35, Bill Frantz wrote:
> On 3/16/15 at 6:51 AM, warlord@MIT.EDU (Derek Atkins) wrote:
>
>> Oh, you expected me to decrypt/re-encrypt my encrypted email as I got
>> it???
>
> For many uses, decrypting from the wire format and re-encrypting in
> the "data at rest" security format makes excellent sense. Having only
> one encryption scheme for long-term storage allows easy (relatively)
> upgrade and helps to ensure that the data is still accessible, i.e.
> the decryption still works. I probably have a bunch of old PGP
> encrypted email I can't read anymore because I don't have the secret
> key, or its passphrase. If that mail had been re-encrypted in a format
> that I decrypt every day, I would still be able to read the mail.
> Encryption that isn't regularly exercised gets rusty.
>
> Cheers - Bill
>
> -----------------------------------------------------------------------
> Bill Frantz        | If the site is supported by  | Periwinkle
> (408)356-8506      | ads, you are the product.    | 16345 Englewood Ave
> www.pwpconsult.com |                              | Los Gatos, CA 95032
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp