Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

Peter Gutmann, Tue, 04 July 2017 04:01 UTC

Salz, Rich writes:

>The WG has been stalled for a very long time and it's not clear this "last
>minute" flurry of interest would fundamentally change that.

A complaint I heard many years ago about PGP 2 was that it wasn't obviously
flawed.  What I'd say is that it was too good enough.  There were problems,
but none of them were sufficiently fatal (at the time) to motivate any kind of
expedited move to a new version.  OpenPGP is still too good enough, there's
lots of things there that you can nitpick but nothing really fatal, or even
close to fatal.  For example the MDC is rather a kludge compared to an HMAC,
but it's good enough.  The weird CFB mode is kind of a mess, but it's good
enough. The whole thing is just too good enough.

If you wanted to update OpenPGP now, you'd be breaking compatibility with vast
amounts of data stored in the current format, and lots of deployed PGP
implementations that aren't GPG and that can't readily be updated.  In
addition, since what we've got now is too good enough, there are no obvious
bits that need to be replaced, just a huge pile of everyone's favourite trendy
things to add that no two people can agree over.

Or you could throw everything out and start again, get rid of the hand-
Huffman-code of lengths, replace the kludgy KDF with Argon2, replace the MDC
with HMAC, and so on, and suddenly you've got a totally new protocol.  Sort of
what the HTTP WG did with HTTP 2.0, or the TLS WG did with TLS "1.3".  The
HTTP WG essentially forked HTTP, it's too early to tell what the TLS WG will
achieve but it's probably the same thing.

So, I'd say leave it as it is.  It's already too good enough, and having two
incompatible versions floating around will do the exact opposite of helping
with PGP adoption.