Re: [openpgp] Intent to deprecate: Insecure primitives
Christoph Anton Mitterer <calestyo@scientia.net> Wed, 08 April 2015 18:36 UTC
Return-Path: <calestyo@scientia.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 506F41A8F38 for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 11:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DchU8TAB29jB for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 11:36:32 -0700 (PDT)
Received: from mailgw02.dd24.net (mailgw-02.dd24.net [193.46.215.43]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EA3A1A8BC5 for <openpgp@ietf.org>; Wed, 8 Apr 2015 11:36:32 -0700 (PDT)
Received: from mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-01.live.igb.homer.key-systems.net [192.168.1.26]) by mailgw02.dd24.net (Postfix) with ESMTP id 2DE335FB4C for <openpgp@ietf.org>; Wed, 8 Apr 2015 18:36:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mailpolicy-01.live.igb.homer.key-systems.net
Received: from mailgw02.dd24.net ([192.168.1.36]) by mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-01.live.igb.homer.key-systems.net [192.168.1.25]) (amavisd-new, port 10236) with ESMTP id NPrviEDlBBn5 for <openpgp@ietf.org>; Wed, 8 Apr 2015 18:36:29 +0000 (UTC)
Received: from heisenberg.fritz.box (ppp-188-174-180-118.dynamic.mnet-online.de [188.174.180.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailgw02.dd24.net (Postfix) with ESMTPSA for <openpgp@ietf.org>; Wed, 8 Apr 2015 18:36:29 +0000 (UTC)
Message-ID: <1428518188.5137.61.camel@scientia.net>
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: openpgp@ietf.org
Date: Wed, 08 Apr 2015 20:36:28 +0200
In-Reply-To: <CAA7UWsWNWoj_5tv=TKnQaFXvpGqJgX+jcZyT1EAdJ=tAM10qGg@mail.gmail.com>
References: <r422Ps-1075i-0DF0A0ED5D364ECAABA63F541D9C6A16@Williams-MacBook-Pro.local> <sjmmw3bk6lt.fsf@securerf.ihtfp.org> <1427138741.10191.48.camel@scientia.net> <CAA7UWsWNWoj_5tv=TKnQaFXvpGqJgX+jcZyT1EAdJ=tAM10qGg@mail.gmail.com>
Content-Type: multipart/signed; micalg="sha-512"; protocol="application/x-pkcs7-signature"; boundary="=-IteE4pmBpLQLp3AneUu0"
X-Mailer: Evolution 3.12.9-1+b1
Mime-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/h9ZAAELXjEBtoW7aukwpOFGM5bY>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 18:36:34 -0000
On Wed, 2015-04-08 at 15:32 +0000, David Leon Gil wrote: > Brief update on plans for deprecation: The tracking issue is at > https://github.com/yahoo/end-to-end/issues/31 > > Please feel free to open another issue if you have specific > objections. I will either be convinced by your arguments, and change > the plan, or explain why I don't. Look, as I've pointed out previously, I personally think that crypto, done as a web app is inherently untrustworthy. Maybe I just got something wrong, but AFAIU the idea of "e2e" projects like your's is to add e2e crypto into your webapps, e.g. via javascript. Thus the software doing crypto is each time downloaded again from the server by the client, right? So ultimately control is again fully at the vendor (at any time he could send other code and no one would notice), and fully dependent on a working https (which is as we should all know by now inherently insecure due to the issues of the CA system). So to me, the whole e2e crypto campaigns run by some of the bigger vendors is just a marketing thing, at best. Actually, if I'd be part of organisations doing mass surveillance, fearing that people could now switch to properly used crypto, then these would be the two things I'd tried to do as a countermeasure: - TOFU and - propagating actually weak e2e crypto systems on a broad scale, giving people a wrong sense of being secure[0]. That being said, at least I probably won't focus myself on what Yahoo, Google or any other big company does. Looking at the the ticket you mention, *some* things you plan to deprecate are definitely a good idea, for others I'd see simply no good reason that anyone would follow these now. Especially some of the "eventually" things seem a bit crude. And I guess my personal opinion about algorithm diversity is known as well. But more important: Implementations have always been free to implement what they like (even if, strictly speaking, they may have lost the status of a conforming implementation). But you shouldn't expect that others follow your steps, just because big-company-xyz is doing so now. However, the more you depart from "standard" usage of OpenPGP, the more you should probably call it something else. This would especially apply for anyone who would think he drives the standardisation process and not the community of real/serious OpenPGP users. And even more important, none of the big companies which add that IMHO at best questionable web-based e2e crypto to their services, should expect that this would make them represent the majority of OpenPGP users and thus would give them a strong voice in decisions. Just because e.g. google would automatically enable questionable e2e crypto for millions of their gmail users, doesn't mean that one as a real "legitimate" OpenPGP user base there. For all the above reasons, I personally feel, that it's not appropriate here at the OpenPGP WG list, to discuss single unilateral decisions made by an OpenPGP implementation[1]. If one says "hey, let's discuss whether we should deprecate twofish in OpenPGP" that's totally fine,... but informing the standardisation body "hey we drop now support for x, y and z" with an implicit "and since we represent n users, you better follow our decision" is not appropriate. Cheers, Chris. [0] Ever wondered why nearly each totalitarian regime still carries out elections? It still gives people a little feeling of having choice. [1] And exception might be GnuPG, simply because *it* likely actually represents the majority of all serious users of OpenPGP.
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Wyllys Ingersoll
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Farrell
- Re: [openpgp] Intent to deprecate: Insecure primi… Kristian Fiskerstrand
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… vedaal
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Ryan Carboni
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… Peter Gutmann
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Phillip Hallam-Baker
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Andrew Skretvedt
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Ben McGinnes
- Re: [openpgp] Intent to deprecate: Insecure primi… Tom Ritter
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil