Re: [openpgp] Regulation of algo deprecation
ianG <iang@iang.org> Fri, 06 November 2015 02:09 UTC
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1C01B2B91 for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 18:09:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DPnIao6rb3Au for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 18:09:43 -0800 (PST)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C148F1B2C01 for <openpgp@ietf.org>; Thu, 5 Nov 2015 18:09:40 -0800 (PST)
Received: from tormenta.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id A55486D748; Thu, 5 Nov 2015 21:09:39 -0500 (EST)
To: openpgp@ietf.org
References: <563931B6.9050107@googlemail.com>
From: ianG <iang@iang.org>
Message-ID: <563C0BE2.80105@iang.org>
Date: Fri, 06 Nov 2015 02:09:38 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <563931B6.9050107@googlemail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/cty78gHriAKi8gHNeQO0NfbShgg>
Subject: Re: [openpgp] Regulation of algo deprecation
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2015 02:09:44 -0000
On 3/11/2015 22:14 pm, Nils Durner wrote: > Hi, > > I would like to elaborate on why I feel that algorithm deprecation > should also be guided by regulations. For Germany, the algorithm catalog > for Electronic Signatures[0] issued by the Federal Network Agency, > dictates that >> SHA-1 and RIPEMD-160, respectively, are suitable only for verification >> of qualified certificates until the end of 2015. > > I feel that implementations should help users use crypto correctly - and > incorrect use also includes use of methods deemed insufficient by law, > IMO. IANAL, but repudiability based on algorithm choice should be > prevented against. I think this is an over-reading of the dig-sig laws. Although I haven't followed it for a couple of years, there have been court cases in Germany that have accepted digital signatures from non-qualified sources. Also, the qualified signature programme in Europe is basically a failure. I would recommend completely ignoring what some law says, and doing it right by the user. You'll get into more trouble in trying to align with the law than by doing the right thing, in my not so humble opinion. iang
- [openpgp] Regulation of algo deprecation Nils Durner
- Re: [openpgp] Regulation of algo deprecation Aaron Zauner
- Re: [openpgp] Regulation of algo deprecation Werner Koch
- Re: [openpgp] Regulation of algo deprecation Werner Koch
- Re: [openpgp] Regulation of algo deprecation Stan Borinski
- Re: [openpgp] Regulation of algo deprecation ianG