Re: [openpgp] Intent to deprecate: Insecure primitives
David Leon Gil <coruus@gmail.com> Wed, 08 April 2015 15:32 UTC
Brief update on plans for deprecation:

The tracking issue is at https://github.com/yahoo/end-to-end/issues/31

Please feel free to open another issue if you have specific objections. I will either be convinced by your arguments, and change the plan, or explain why I don't.

On Mon, Mar 23, 2015 at 12:25 PM Christoph Anton Mitterer <calestyo@scientia.net> wrote:

> On Tue, 2015-03-17 at 11:04 -0400, Derek Atkins wrote:
> > Show me an MUA that does this, please? None of the OpenPGP-aware MUAs
> > I've ever used have this feature, as far as I know. I suppose I could
> > go out of my way to replace the encrypted email with a
> > re-encrypted/plaintext email.
> >
> > But frankly I'd like my encryption software to just maintain the ability
> > to decrypt it later.
>
> While I don't think that implementations should throw away old algos
> (even if insecure) - they should just no longer use it for creating new
> content, and should only decrypt/verify signatures with appropriate
> warnings, I'd say that the question of long term storage of
> encrypted/signed content (e.g. mails) is (and should be) beyond the
> scope of OpenPGP.
> That being said, the WG shouldn't alter the decisions it makes based on
> that question, but rather only on security considerations.
>
>
> As for e.g. long term email storage:
> - if you just store them as received over the wire (i.e.
> encrypted/signed) they may very well become insecure over time, so the
> original purpose of confidentiality and authenticity is no longer
> guaranteed (by leaving them with the old encryption/signature).
>
> - constantly re-encrypting them seems to be not feasible, and you cannot
> re-sign mails from someone else.
>
> - IMHO the appropriate way would be for a MUA to record that the mail
> was sent encrypted to you and by whom of your contacts it was signed (if
> any of that was the case) - for later reference.
> And any further protection of the content should be handled by disk
> encryption.
>
>
> Cheers,
> Chris.