Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94

[ianG <iang@iang.org>]

Thanks Rich, adding my 2 yen.


On 3/11/2015 09:41 am, Salz, Rich wrote:
> - General issue of deprecration for stored data?  Possibilities (? Marks possibly-controversial)
> 	MD5; SHA1?; RIPE-MD
> 	IDEA; 3DES?; CAST5?; Blowfish?  Twofish?
> 	DSA? Size limits on RSA? NIST ECC? ElGamal?
> What does deprecation mean?  Perhaps just encryption? Also decrypt if the content is known/believed to be not old

Yes - practically, deprecated in the standard means no encryption, and 
implementations are free to decrypt older stuff.

> Is signature verification different?

No signing using old algos.

> There are several usability issues around this; we need to be careful.
> Consensus is not to create new content with deprecated algorithms.

+1

> Perhaps address general issue of "what to do with old stuff"? And maybe answer is "lose it"


No, download an old copy of gpg or pgp2.3 and decrypt it.

> Stephen Farrell: Suggest reframe question as "everything deprecated unless shown that need to generate ones using old mechanism"
> Discussion of how appropriate to put UI items in a protocol/data-format spec.
> Strong consensus to start with everything removed, and then add the ones we want.


the one :)

>   - Symmetric crypto (Bryan Ford), draft-ford-openpgp-format  See slides in the proceedings.
> Consensus to use a new packet type for AEAD-protected


yes.

> Lots of information exposed by plaintext metadata
> 	Magic number -- this is an openpgp file, so its suspicious
> 	Cipher -- is it worth trying to crack (e.g., is it rc4 :)
> 	Passphrase: worth trying a password cracker
> 	Recipient key-id's: where to point the rubber hose?
> 	# of recipients: aha, it's *that* group of dissidents?
>   Should we aim to protect it all (at cost of "trial" encryptions)?

Yes - indistinguishable from random is the target.

This might not be achievable, but it should be the target.  We won't get 
there unless we start on the journey.



iang