Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"Robert J. Hansen" <rjh@sixdemonbag.org> Mon, 03 July 2017 19:51 UTC

Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7D74131767 for <openpgp@ietfa.amsl.com>; Mon, 3 Jul 2017 12:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LrRfs7IFEb7x for <openpgp@ietfa.amsl.com>; Mon, 3 Jul 2017 12:51:10 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47521126BFD for <openpgp@ietf.org>; Mon, 3 Jul 2017 12:51:10 -0700 (PDT)
Received: from quorra.local (babcom.com [216.246.132.90]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 858BB136B9FBB for <openpgp@ietf.org>; Mon, 3 Jul 2017 12:51:09 -0700 (PDT)
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
Date: Mon, 3 Jul 2017 15:51:05 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Mon, 03 Jul 2017 12:51:10 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZQCB5JTM4JAqtmdTFty34VYUAks>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 19:51:12 -0000

> May I kindly ask if part of the critcal an necessary changes is
> sunsetting 3DES, SHA1.

The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
still a MUST-implement algorithm, and will likely be so for the ongoing
future.  3DES has been a MUST algorithm since RFC2440, way back when;
there's a lot of data encrypted with it and the RFC will continue to
require 3DES be supported in order to help interoperate with old traffic.

> I expierence in private an buisness live extra efforts to ensure pgp
> communication is not using 3DES for example which
> costs percious time in our projects.

Why?  What problem is presented by using 3DES for your work, which is so
severe that you have to ensure 3DES isn't used?

Seriously: it's still believed to be a strong cipher, there are no
practical attacks on it, and no new attacks are looming on the horizon.
3DES is slow and it only has a 64-bit block size, but for the vast
majority of OpenPGP usage that's not a problem.