Re: [openpgp] Intent to deprecate: Insecure primitives

ianG <iang@iang.org> Fri, 10 April 2015 16:46 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/h0lWuytf0V_voykwTkepfrzgAXk>

On 8/04/2015 19:36 pm, Christoph Anton Mitterer wrote:
> On Wed, 2015-04-08 at 15:32 +0000, David Leon Gil wrote:
>> Brief update on plans for deprecation: The tracking issue is at
>> https://github.com/yahoo/end-to-end/issues/31
>>
>> Please feel free to open another issue if you have specific
>> objections. I will either be convinced by your arguments, and change
>> the plan, or explain why I don't.
>
> Look, as I've pointed out previously, I personally think that crypto,
> done as a web app is inherently untrustworthy.


Which is out of scope for this list, right?


> If one says "hey, let's discuss whether we should deprecate twofish in
> OpenPGP" that's totally fine,... but informing the standardisation body
> "hey we drop now support for x, y and z" with an implicit "and since we
> represent n users, you better follow our decision" is not appropriate.


I saw no such implication.  I personally appreciate it when vendors
actually do tell us what they are doing when that affects the way many
users are going to be using the product.  In our fishbowl, we sometimes
lack the context of what happens out in the field, so news of that
nature - hopefully concise and clear - is welcome.  To me at least.



iang