Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"Robert J. Hansen" <> Sun, 02 July 2017 20:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7EB0C12EB4B for <>; Sun, 2 Jul 2017 13:49:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jYGS3kFyWozq for <>; Sun, 2 Jul 2017 13:49:14 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 66D7E129AE8 for <>; Sun, 2 Jul 2017 13:49:14 -0700 (PDT)
Received: from quorra.local ( []) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by (Postfix) with ESMTPSA id A4E5612614B9E for <>; Sun, 2 Jul 2017 13:49:13 -0700 (PDT)
References: <> <>
From: "Robert J. Hansen" <>
Message-ID: <>
Date: Sun, 2 Jul 2017 16:49:11 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 ( []); Sun, 02 Jul 2017 13:49:13 -0700 (PDT)
Archived-At: <>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 02 Jul 2017 20:49:15 -0000

> This working group has an impressive record of inaction, evidenced by
> both the impending expiration of the group's only document and the
> version number's being only -01.  There's been no work done here since I
> came into the chair position a little over a year ago.

I was also disheartened to see that SHA-1 is still baked into this draft
in a few places.

I personally don't feel that designing the next generation of RFC is
within my technical skillset -- I can make informed criticism, but
that's a little different from saying "trust me, I know what I'm doing."
 But I've been waiting patiently to see drafts, and for years I've been
telling people asking about SHA-1 deprecation "wait and let the Working
Group do its job."

I am absolutely sure there is interest in an RFC which gets rid of all
SHA-1 dependencies; however, the people who are interested are not
necessarily the ones who can draft a dependency-free RFC.

I feel let down.  I'm fairly sure there are others who feel similarly.