Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94

Lutz Donnerhacke <lutz@iks-jena.de> Fri, 06 November 2015 08:58 UTC

Return-Path: <lutz@iks-jena.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E23211ACE53 for <openpgp@ietfa.amsl.com>; Fri, 6 Nov 2015 00:58:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.562
X-Spam-Level:
X-Spam-Status: No, score=-1.562 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HzQ0vOV5TuW for <openpgp@ietfa.amsl.com>; Fri, 6 Nov 2015 00:58:41 -0800 (PST)
Received: from annwfn.iks-jena.de (annwfn-eth.iks-jena.de [IPv6:2001:4bd8:0:104:20a:e4ff:fe80:3138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28BEB1ACE51 for <openpgp@ietf.org>; Fri, 6 Nov 2015 00:58:40 -0800 (PST)
X-SMTP-Sender: IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f
Received: from belenus.iks-jena.de (belenus.iks-jena.de [IPv6:2001:4bd8:0:666:248:54ff:fe12:ee3f]) by annwfn.iks-jena.de (8.14.9/8.14.1) with ESMTP id tA68wR5b029343 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 Nov 2015 09:58:29 +0100
X-MSA-Host: belenus.iks-jena.de
Received: (from lutz@localhost) by belenus.iks-jena.de (8.14.3/8.14.1/Submit) id tA68wQev025410; Fri, 6 Nov 2015 09:58:26 +0100
Date: Fri, 6 Nov 2015 09:58:26 +0100
From: Lutz Donnerhacke <lutz@iks-jena.de>
To: ianG <iang@iang.org>
Message-ID: <20151106085826.GA25362@belenus.iks-jena.de>
References: <e4308a7bfcc443d5b9921babf8762a8b@usma1ex-dag1mb1.msg.corp.akamai.com> <563C09D7.8090404@iang.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <563C09D7.8090404@iang.org>
X-message-flag: Please send plain text messages only. Thank you.
User-Agent: Mutt/1.5.17 (2007-11-01)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/V9UMDdgTXQ8X7q7QfU8qvyc2HDM>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2015 08:58:43 -0000

On Fri, Nov 06, 2015 at 02:00:55AM +0000, ianG wrote:
>> Perhaps address general issue of "what to do with old stuff"? And maybe answer is "lose it"
>
> No, download an old copy of gpg or pgp2.3 and decrypt it.

I oppose that.
One important use case for PGP is to sign binary blobs in archives in order
to verify their integrity. (take for instance the distribution of software)

Requiring the user to stick with old, unmaintained software (which might not
even run on it's current system and can't be compiled for the new
environment) is a no go.