Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94

ianG <> Fri, 06 November 2015 02:01 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0B61D1A8A8E for <>; Thu, 5 Nov 2015 18:01:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id i33yl6UME8JK for <>; Thu, 5 Nov 2015 18:00:58 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6C5A11B2B85 for <>; Thu, 5 Nov 2015 18:00:58 -0800 (PST)
Received: from tormenta.local ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 931476D748; Thu, 5 Nov 2015 21:00:56 -0500 (EST)
References: <>
From: ianG <>
Message-ID: <>
Date: Fri, 6 Nov 2015 02:00:55 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 06 Nov 2015 02:01:00 -0000

Thanks Rich, adding my 2 yen.

On 3/11/2015 09:41 am, Salz, Rich wrote:
> - General issue of deprecration for stored data?  Possibilities (? Marks possibly-controversial)
> 	MD5; SHA1?; RIPE-MD
> 	IDEA; 3DES?; CAST5?; Blowfish?  Twofish?
> 	DSA? Size limits on RSA? NIST ECC? ElGamal?
> What does deprecation mean?  Perhaps just encryption? Also decrypt if the content is known/believed to be not old

Yes - practically, deprecated in the standard means no encryption, and 
implementations are free to decrypt older stuff.

> Is signature verification different?

No signing using old algos.

> There are several usability issues around this; we need to be careful.
> Consensus is not to create new content with deprecated algorithms.


> Perhaps address general issue of "what to do with old stuff"? And maybe answer is "lose it"

No, download an old copy of gpg or pgp2.3 and decrypt it.

> Stephen Farrell: Suggest reframe question as "everything deprecated unless shown that need to generate ones using old mechanism"
> Discussion of how appropriate to put UI items in a protocol/data-format spec.
> Strong consensus to start with everything removed, and then add the ones we want.

the one :)

>   - Symmetric crypto (Bryan Ford), draft-ford-openpgp-format  See slides in the proceedings.
> Consensus to use a new packet type for AEAD-protected


> Lots of information exposed by plaintext metadata
> 	Magic number -- this is an openpgp file, so its suspicious
> 	Cipher -- is it worth trying to crack (e.g., is it rc4 :)
> 	Passphrase: worth trying a password cracker
> 	Recipient key-id's: where to point the rubber hose?
> 	# of recipients: aha, it's *that* group of dissidents?
>   Should we aim to protect it all (at cost of "trial" encryptions)?

Yes - indistinguishable from random is the target.

This might not be achievable, but it should be the target.  We won't get 
there unless we start on the journey.