Re: [openpgp] First 4880bis drafts

Aaron Zauner <> Thu, 05 November 2015 18:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 58FA81A1A57 for <>; Thu, 5 Nov 2015 10:14:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id K32Dsn4gmA4x for <>; Thu, 5 Nov 2015 10:14:53 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6FE651A1A4A for <>; Thu, 5 Nov 2015 10:14:53 -0800 (PST)
Received: by wicll6 with SMTP id ll6so15615878wic.0 for <>; Thu, 05 Nov 2015 10:14:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=YX3hXT++8QqhhxSvJydtM53JTwH40FZDBT8j+2VlTuo=; b=Jjpywk1j806dsxpEiJbzvbm2wp8x7q34Xwb8qN/iw/FAO0Tu6h2UErCII7G9g0t4oS 0tFOLYKXlWvMnfvFCSRbFl4Lf9suyxlg7b3TSMvOevYTk9s+LbhfojAeFEe4Ec7XxSeu ts/CsPt8Ej1FvZ3MEv1wFnjjoWLbiiFRDlYrs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=YX3hXT++8QqhhxSvJydtM53JTwH40FZDBT8j+2VlTuo=; b=IU+6z3xsHxc0xrPQ69UTAkJZj+/h39I4VTIiDp5E9Q7sJ8V/uutIuDMGcNJv+0hmff gei3yyx2NiZkGz/Cm6HP1ziap4cXNP6x51vbvdCXJLjQGNIBG1n2wl3J96nwGIgGQHfC qX8/y9HhxqIDiphuibw0bDnK4BQZy6zLZnIxIXWv7qqlGTxsnzACtJCYfbailBVKYq61 MIMJGLBFcZ42rZUrw0dk78xQ/ve5vfA2lav9wxODwrNa9n9ptg4LbYhee4JSCZWCQxjb VNq7AYkQWFtzM6OyOlw8Z6hjgFCTcjFsAgvTvEE4etqDXCUuhSmXFWSk/NyCuFbMGPDb zWgw==
X-Gm-Message-State: ALoCoQnSXVcg55uS+lD2s5RzAezS6WxXG/lblxRZaNAhzD4+Xco9XBCWK7u7KmfHL+LELeFBxHyf
X-Received: by with SMTP id a13mr10284055wjx.20.1446747292047; Thu, 05 Nov 2015 10:14:52 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id q204sm35352087wmg.4.2015. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 05 Nov 2015 10:14:51 -0800 (PST)
Message-ID: <>
Date: Thu, 05 Nov 2015 19:14:52 +0100
From: Aaron Zauner <>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Daniel Kahn Gillmor <>
References: <> <20151104182705.86af2e43c8@baae13974eb4556> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigA877232984054D01C6672A4D"
Archived-At: <>
Cc: Werner Koch <>,
Subject: Re: [openpgp] First 4880bis drafts
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Nov 2015 18:14:55 -0000


Apparently my message came of the wrong way (and I'm to blame for that,
because of my wording):

Daniel Kahn Gillmor wrote:
> On Thu 2015-11-05 04:14:08 +0900, Werner Koch <> wrote:
>> On Wed,  4 Nov 2015 18:34, said:
>>> Hrm. I'm against this. CAMELLIA is going to be deprecated in e.g.
>> You may be against it but it is a matter of fact that CAMELLIA is an
>> officially assigned OpenPGP cipher algorithm for 6 years.
> As discussed in the meeting tuesday, deprecation is a tricky subject for
> formats with stored data (as distinguished from on-the-wire network
> traffic).  people have archives of encrypted data that may still use
> this cipher.

Totally agree there. And PGP implementations will support these ciphers
for years because of stored data that might have been encrypted with one
of these ciphers.

>> We may latter decide to deprecate certain algorithms but that is not a
>> question right now.
> The sense of the room in Yokohama was to deprecate as much as possible,
> and encourage a limited, sensible set of algorithms for message creation
> and signing.  But sensible implementations will likely continue to allow
> decryption of these ciphers for years to come.

Yes. But we should discourage further use. I'm not sure if the right
place is the updated RFC or another document entirely. My concern is
that we'll end up with a unmanageable 'cipher-zoo'. I'm happy to help
with such a document and am _not_ trying to get in the way of updating
the current OpenPGP spec.

Hope that clears things up a bit,