Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"Robert J. Hansen" <> Mon, 03 July 2017 19:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A7D74131767 for <>; Mon, 3 Jul 2017 12:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LrRfs7IFEb7x for <>; Mon, 3 Jul 2017 12:51:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 47521126BFD for <>; Mon, 3 Jul 2017 12:51:10 -0700 (PDT)
Received: from quorra.local ( []) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by (Postfix) with ESMTPSA id 858BB136B9FBB for <>; Mon, 3 Jul 2017 12:51:09 -0700 (PDT)
References: <> <> <> <> <> <> <> <>
From: "Robert J. Hansen" <>
Message-ID: <>
Date: Mon, 3 Jul 2017 15:51:05 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 ( []); Mon, 03 Jul 2017 12:51:10 -0700 (PDT)
Archived-At: <>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 03 Jul 2017 19:51:12 -0000

> May I kindly ask if part of the critcal an necessary changes is
> sunsetting 3DES, SHA1.

The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
still a MUST-implement algorithm, and will likely be so for the ongoing
future.  3DES has been a MUST algorithm since RFC2440, way back when;
there's a lot of data encrypted with it and the RFC will continue to
require 3DES be supported in order to help interoperate with old traffic.

> I expierence in private an buisness live extra efforts to ensure pgp
> communication is not using 3DES for example which
> costs percious time in our projects.

Why?  What problem is presented by using 3DES for your work, which is so
severe that you have to ensure 3DES isn't used?

Seriously: it's still believed to be a strong cipher, there are no
practical attacks on it, and no new attacks are looming on the horizon.
3DES is slow and it only has a 64-bit block size, but for the vast
majority of OpenPGP usage that's not a problem.