Re: [openpgp] Intent to deprecate: Insecure primitives
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 16 March 2015 10:46 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBA451A86F2 for <openpgp@ietfa.amsl.com>; Mon, 16 Mar 2015 03:46:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQXqzRft62Jc for <openpgp@ietfa.amsl.com>; Mon, 16 Mar 2015 03:46:49 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D8F81A86F0 for <openpgp@ietf.org>; Mon, 16 Mar 2015 03:46:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E2C65BE4C; Mon, 16 Mar 2015 10:46:45 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJ_bUM5JKlOa; Mon, 16 Mar 2015 10:46:44 +0000 (GMT)
Received: from [10.87.48.73] (unknown [86.46.20.71]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8D237BE47; Mon, 16 Mar 2015 10:46:44 +0000 (GMT)
Message-ID: <5506B493.5050209@cs.tcd.ie>
Date: Mon, 16 Mar 2015 10:46:43 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, David Leon Gil <coruus@gmail.com>, "openpgp@ietf.org" <openpgp@ietf.org>, "dgil@yahoo-inc.com" <dgil@yahoo-inc.com>
References: <CAA7UWsWBoXpZ2q=Lv151R593v3u=SPNif39ySX_-8=fqMniiVg@mail.gmail.com> <87sid5si30.fsf@alice.fifthhorseman.net>
In-Reply-To: <87sid5si30.fsf@alice.fifthhorseman.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/hUF13ADNoM8P3SLz2zvUPPwneHM>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2015 10:46:52 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (with no hats) On 16/03/15 04:05, Daniel Kahn Gillmor wrote: > I'm happy to see a high bar personally, but this is likely to > invalidate many 2048-bit keys My experience is that it's far far easier to deprecate things that only have an effect in-line compared to wanting to invalidate long term things like key values, esp. public key values that are distributed around the Internet. So even if one would like to do the latter then I think it'd be a really good plan to separate that part of the argument as it's likely to be much trickier. We had a similar set of issues as we transitioned from DomainKeys to DKIM - in that case the proponents of DomainKeys were (correctly) extremely reluctant to break the few deployments that were then-current. And I think we got that right in that the WG changed the wire-formats and signature algorithm requirements but in such a way that already-deployed public keys continued to work. I'd also note that we ought be cognizant that the fall back here is e2e plaintext. If one considers RFC7435 then I think there's an argument to be considered for allowing crypto that is perhaps approaching it's sell-by date but that is clearly not yet past it's use-by date. (And of course one can have fine arguments about both dates;-) And if we wanted to invalidate current keys, then I think that also puts an onus on us to consider how to figure out the migration path from working->broken->working-again. Lastly, I'd note that e2e email security is a thing where we (IETF and the broader tech community) have failed pretty consistently because we made it too hard. By failed, I mean e2e security is not something that is commonly used by billions of folks. Part of that is UI, but some of it is IMO also because we chose to try to gold-plate security which made usability even worse. I think the classic example with smime was requiring a certificate before anything works - while such decisions may have made sense for the 1990's enterprise, they do not make sense in today's environment. So I think we should be very wary of failing again through attempting to gold-plate by mandating less commonly supported (by dev. environments) algorithms or keys. If there's a real need to invalidate old keys then let's see that technically justified and if we must, then try do that in a way that brings along the few million current users rather than in a way that locks those out. But I'm not yet convinced that there really is such a need. S. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVBrSTAAoJEC88hzaAX42i7+AH/ilxL3Yc9qnNRMEejGaAva+l JXBuR9yig1xipFeN3nB+5tI6MOjGkgsfv0HC6OmdaACfF3PZIlLQT9B2B0DUCALD EkmVUWCNGpiwduv3qMVnNb11Ryf/vr8KJMkAzAOqGwGHd1LjBOuMpIoOtDgcLnqq iWOXBwkCl+RIuGp3afXQKtcb6K329WnwewaC6rEA1rueVx25bbfQLAVpN8o92eGH sbroL7Ih4Wp3EM6oqoJTRvAUiKNEQ1mN/YaH0vRsmccbu1ekN+qvR13PW2GpOFj/ 8H4tWF52MxXxF7pOIP9nfZicBgPcrUwQ3MD4fxu7Rih3UbR8SDJM4p+xC5rge6s= =IDUt -----END PGP SIGNATURE-----
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Wyllys Ingersoll
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Farrell
- Re: [openpgp] Intent to deprecate: Insecure primi… Kristian Fiskerstrand
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… vedaal
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Ryan Carboni
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… Peter Gutmann
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Phillip Hallam-Baker
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Andrew Skretvedt
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Ben McGinnes
- Re: [openpgp] Intent to deprecate: Insecure primi… Tom Ritter
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil