Re: [openpgp] How to re-launch the OpenPGP WG

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 March 2015 14:24 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Wyllys Ingersoll <wyllys@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/fX_jL9y1BkfGKdfsqmoWxBLFHKY>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, IETF OpenPGP <openpgp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Subject: Re: [openpgp] How to re-launch the OpenPGP WG

On Fri, Mar 20, 2015 at 9:46 AM, Wyllys Ingersoll <wyllys@gmail.com> wrote:
> MIME is fine for PGP over email, but do keep in mind that PGP is not
> strictly used in email and using MIME is not necessarily helpful and is
> possibly needlessly complicated in some of the other use cases (just
> encrypting personal files and data at rest, for example).

Absolutely. Which is why PGP should be properly layered and abstracted
so that all the mail specific parts are in 'MIME' and all the
encryption parts are in the 'PGP' bit.


> And if we are going to start talking about "PGP/MIME", then I think revising
> RFC-3156 should be part of the discussion at some point. As it stands
> today, it is impossible to craft a proper "PGP/MIME" message unless your
> mail client directly supports 3156.  It requires special SMTP headers that
> are usually set by the mail client and over which the user has no control
> (and don't get me started on that extra "version 1" MIME section...).

Absolutely.

The stalemate has to end at some point. PGP does its own thing in too
many places. What we have is a description of a product rather than a
multi-vendor standard.

Winning means that everyone gets access to email encryption with full
control of their trust environment.


Tonight there are two crypto parties in my neighborhood where people
will be taught how to use PGP. This is really good and really sad. The
good part is that it shows that people are really interested in
getting crypto. The sad part is that the tools we have today require
user education. Teaching people how to use vim/PGP to send and receive
secure mail is actually a sign that we are doing something wrong.

Every browser comes with TLS built in and everyone uses it at least
some of the time. Every email client comes with an email encryption
solution but almost nobody uses it.