Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"Robert J. Hansen" <rjh@sixdemonbag.org> Sun, 02 July 2017 20:49 UTC

Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EB0C12EB4B for <openpgp@ietfa.amsl.com>; Sun, 2 Jul 2017 13:49:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jYGS3kFyWozq for <openpgp@ietfa.amsl.com>; Sun, 2 Jul 2017 13:49:14 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66D7E129AE8 for <openpgp@ietf.org>; Sun, 2 Jul 2017 13:49:14 -0700 (PDT)
Received: from quorra.local (babcom.com [216.246.132.90]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id A4E5612614B9E for <openpgp@ietf.org>; Sun, 2 Jul 2017 13:49:13 -0700 (PDT)
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
Date: Sun, 2 Jul 2017 16:49:11 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Sun, 02 Jul 2017 13:49:13 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_n7KIRRlUcE8EKhRw64uZGnm_FU>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jul 2017 20:49:15 -0000

> This working group has an impressive record of inaction, evidenced by
> both the impending expiration of the group's only document and the
> version number's being only -01.  There's been no work done here since I
> came into the chair position a little over a year ago.

I was also disheartened to see that SHA-1 is still baked into this draft
in a few places.

I personally don't feel that designing the next generation of RFC is
within my technical skillset -- I can make informed criticism, but
that's a little different from saying "trust me, I know what I'm doing."
 But I've been waiting patiently to see drafts, and for years I've been
telling people asking about SHA-1 deprecation "wait and let the Working
Group do its job."

I am absolutely sure there is interest in an RFC which gets rid of all
SHA-1 dependencies; however, the people who are interested are not
necessarily the ones who can draft a dependency-free RFC.

I feel let down.  I'm fairly sure there are others who feel similarly.