Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94

ianG <iang@iang.org> Fri, 06 November 2015 02:01 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B61D1A8A8E for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 18:01:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i33yl6UME8JK for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 18:00:58 -0800 (PST)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C5A11B2B85 for <openpgp@ietf.org>; Thu, 5 Nov 2015 18:00:58 -0800 (PST)
Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id 931476D748; Thu, 5 Nov 2015 21:00:56 -0500 (EST)
To: openpgp@ietf.org
References: <e4308a7bfcc443d5b9921babf8762a8b@usma1ex-dag1mb1.msg.corp.akamai.com>
From: ianG <iang@iang.org>
Message-ID: <563C09D7.8090404@iang.org>
Date: Fri, 6 Nov 2015 02:00:55 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <e4308a7bfcc443d5b9921babf8762a8b@usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Ca_QxJwVmm0K0amxc32wKEG2BAo>
Subject: Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2015 02:01:00 -0000

Thanks Rich, adding my 2 yen.


On 3/11/2015 09:41 am, Salz, Rich wrote:
> - General issue of deprecration for stored data?  Possibilities (? Marks possibly-controversial)
> 	MD5; SHA1?; RIPE-MD
> 	IDEA; 3DES?; CAST5?; Blowfish?  Twofish?
> 	DSA? Size limits on RSA? NIST ECC? ElGamal?
> What does deprecation mean?  Perhaps just encryption? Also decrypt if the content is known/believed to be not old

Yes - practically, deprecated in the standard means no encryption, and 
implementations are free to decrypt older stuff.

> Is signature verification different?

No signing using old algos.

> There are several usability issues around this; we need to be careful.
> Consensus is not to create new content with deprecated algorithms.

+1

> Perhaps address general issue of "what to do with old stuff"? And maybe answer is "lose it"


No, download an old copy of gpg or pgp2.3 and decrypt it.

> Stephen Farrell: Suggest reframe question as "everything deprecated unless shown that need to generate ones using old mechanism"
> Discussion of how appropriate to put UI items in a protocol/data-format spec.
> Strong consensus to start with everything removed, and then add the ones we want.


the one :)

>   - Symmetric crypto (Bryan Ford), draft-ford-openpgp-format  See slides in the proceedings.
> Consensus to use a new packet type for AEAD-protected


yes.

> Lots of information exposed by plaintext metadata
> 	Magic number -- this is an openpgp file, so its suspicious
> 	Cipher -- is it worth trying to crack (e.g., is it rc4 :)
> 	Passphrase: worth trying a password cracker
> 	Recipient key-id's: where to point the rubber hose?
> 	# of recipients: aha, it's *that* group of dissidents?
>   Should we aim to protect it all (at cost of "trial" encryptions)?

Yes - indistinguishable from random is the target.

This might not be achievable, but it should be the target.  We won't get 
there unless we start on the journey.



iang