Re: [openpgp] Deprecating compression support

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 23 March 2019 22:25 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: ilf <ilf@zeromail.org>, openpgp@ietf.org, gnupg-devel@gnupg.org
Mail-Followup-To: gnupg-devel@gnupg.org
Date: Sat, 23 Mar 2019 23:13:30 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VJbW7WfgIm-6H3PkA-PvPOHL0EE>

On Sat 2019-03-23 18:07:23 +0100, ilf wrote:
> So can we change GnuPG to default-preference Uncompressed?

[ switching this implementation-specific message to
  gnupg-devel@gnupg.org, please respect Mail-Followup-To: ]

The current implementation of GnuPG creates OpenPGP certificates with
this preference listing:

     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Are you suggesting that we change it to:

     Compression: Uncompressed, ZLIB, BZIP2, ZIP

or to:

     Compression: Uncompressed

?

Setting aside the question of defaults, for your own OpenPGP certificate
right now you can do this with any modern version of GnuPG, if you're
willing to poke at the command line with some arcana:

For the less severe change:

    gpg --edit-key $FINGERPRINT showpref 'setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z0 Z2 Z3 Z1'  save

For the more severe change:

    gpg --edit-key $FINGERPRINT showpref 'setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z0' save

then of course you'll need to re-publish the cert via whatever your
standard publication mechanism is (keyservers, WKD, keybase, etc).

        --dkg
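
Added example, not part of the original message and not GnuPG code: a small decoder for the `S`/`H`/`Z` tokens used in the two `setpref` commands above, so the resulting compression ordering can be checked before saving the key. The numeric IDs are the RFC 4880 / RFC 5581 algorithm registrations; the function names and the policy labels are illustrative assumptions, and only the token form (not algorithm names) is handled.

```python
# Algorithm IDs from RFC 4880 section 9 (Camellia IDs from RFC 5581).
# The compression names follow the preference listing quoted in the message.
SYMMETRIC = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
             8: "AES192", 9: "AES256", 10: "TWOFISH",
             11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
        10: "SHA512", 11: "SHA224"}
COMPRESSION = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
TABLES = {"S": ("Cipher", SYMMETRIC), "H": ("Digest", HASH),
          "Z": ("Compression", COMPRESSION)}


def parse_setpref(prefs):
    """Decode a setpref token string into {category: [names, most preferred first]}."""
    decoded = {label: [] for label, _ in TABLES.values()}
    for token in prefs.split():
        kind, number = token[:1].upper(), token[1:]
        if kind not in TABLES or not number.isdigit():
            raise ValueError(f"unrecognised preference token: {token!r}")
        label, table = TABLES[kind]
        if int(number) not in table:
            raise ValueError(f"unknown algorithm id in {token!r}")
        name = table[int(number)]
        if name in decoded[label]:
            raise ValueError(f"duplicate preference: {token!r}")
        decoded[label].append(name)
    return decoded


def compression_policy(prefs):
    """Classify what the compression list asks of senders (labels are illustrative)."""
    comp = parse_setpref(prefs)["Compression"]
    if not comp:
        return "unspecified"
    if comp == ["Uncompressed"]:
        return "uncompressed-only"
    if comp[0] == "Uncompressed":
        return "uncompressed-preferred"
    return "compression-preferred"


if __name__ == "__main__":
    # The two preference strings from the message above.
    for prefs in ("S9 S8 S7 S2 H10 H9 H8 H11 H2 Z0 Z2 Z3 Z1",
                  "S9 S8 S7 S2 H10 H9 H8 H11 H2 Z0"):
        print(compression_policy(prefs), parse_setpref(prefs)["Compression"])
```
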