Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> Tue, 04 July 2017 09:06 UTC

Return-Path: <kristian.fiskerstrand@sumptuouscapital.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D139E131C33 for <openpgp@ietfa.amsl.com>; Tue, 4 Jul 2017 02:06:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sumptuouscapital-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsli8nEBK7ok for <openpgp@ietfa.amsl.com>; Tue, 4 Jul 2017 02:06:35 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FEED131B3A for <openpgp@ietf.org>; Tue, 4 Jul 2017 02:06:35 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id b207so115150709lfg.2 for <openpgp@ietf.org>; Tue, 04 Jul 2017 02:06:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sumptuouscapital-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=wRnaLPIdJuIwEKQvnilcLpxZs/02Qu7dSAjHSEcmsSs=; b=zuRFcSfH1/0dXVd+kY9FDJlDB9oXBhH/knwy60WuF5WyawHxpx8lR4s3f4TF0D075q cXisqaRxJX+NE91X8hkv/vZ6tzihoAhiA/TK7lDy5hDhWMNwscCXkO0SnGIthAqfUi8G VORMp/M4NmYEQinERLWkpstJ13oz7XhkZ2BU1UqYpqTakLuxezVSo/9WBnriEiBiy5BM ATRTv1Zo3B2hqL9ddefSaRXSHDfeaw2qLqslEtZHuCxp2jb1mgRReY/+4xPAhjKq2gCX /CbR3NH3RCn3cUth57uLF5Fo9DT/B0HM7H/7TVj0FnFRVqGQVkNhoC5tZQbwsIZwRiRO CltA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=wRnaLPIdJuIwEKQvnilcLpxZs/02Qu7dSAjHSEcmsSs=; b=H+DAwMyv2xR1DcOK56RlrnQshtWt4raW6L1+iEpH3UlvjN7ynedDXan+0mYeEVSyiG cjnCP44Ba68dphGHJwkQkMF1Z1hB6zMaE/iTLuFon1bdkBJkTSlO56e5yhAIWFaR0p2/ GHE2Koxy3XIVRIg0unt0hJ0HTF4fmjXf1yO2f7Dn2cFDP8S6iXbWFnoY+4muumY8eh6k cRmNwXUeIkR9asGCsicnn1kvzjhLM5usR31Ynvg2OqX7qba/r8gjI3BbQKMpx/wKFwjG pRxMdQc/o98IxlDf5et2bf8KdTDy0m4aNiG/i6VfRy+khFHt081KQ1kpWVK3KgXLLUPH c4AA==
X-Gm-Message-State: AKS2vOyg8Pdb8znuaMsFdA5VsIjyxq6wG6PUROPO0pQZA2Vx75uS9Rqr Lxic4tTI2BQ30A7GorbVZw==
X-Received: by 10.46.82.23 with SMTP id g23mr10278930ljb.32.1499159192979; Tue, 04 Jul 2017 02:06:32 -0700 (PDT)
Received: from [10.201.206.55] ([88.151.161.13]) by smtp.googlemail.com with ESMTPSA id h88sm3785583ljh.57.2017.07.04.02.06.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Jul 2017 02:06:31 -0700 (PDT)
To: "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org> <87o9t0sitc.fsf@wheatstone.g10code.de>
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Message-ID: <458264d0-9774-c07f-85fd-90725aa55c65@sumptuouscapital.com>
Date: Tue, 4 Jul 2017 11:06:25 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <87o9t0sitc.fsf@wheatstone.g10code.de>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="bULpsAQvoqidaP5J4WfFDjwTmpwAtJ1p2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RY4wDmJiaEvQp6TdqfK0krVoz3M>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 09:06:38 -0000

On 07/04/2017 10:33 AM, Werner Koch wrote:
> On Mon,  3 Jul 2017 21:51, rjh@sixdemonbag.org said:
> 
>> The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
>> still a MUST-implement algorithm, and will likely be so for the ongoing
> 
> The problem with TripleDES is that it is the only implicit symmetric
> algorithm preference.  This makes it hard to remove.  However there is a
> way to do that: We should define a new key flag requesting the use of
> the to-be-specified new Symmetrically Encrypted Data Packet.  That new
> data packet will require the use of a 128 bit block length algorithm and
> can also require that AESnnn is the new implicit symmetric algorithm
> preference.

Given that we're introducing a new keyblock version anyways, can't this
just be the default for v5 keys, which anyways requires updating on
implementations to support? iirc something similar is done in RFC6637
for ECC keys already

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"History is a gallery of pictures in which there are few originals and
many copies."
(Alexis de Tocqueville)