Re: [openpgp] To bind or not to bind
Justus Winter <justus@sequoia-pgp.org> Mon, 25 March 2024 10:21 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 363C5C14F6B8 for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:21:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=sequoia-pgp.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dp1VX9kfcTPj for <openpgp@ietfa.amsl.com>; Mon, 25 Mar 2024 03:21:37 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1D48C14F739 for <openpgp@ietf.org>; Mon, 25 Mar 2024 03:21:35 -0700 (PDT)
Received: (qmail 13041 invoked by uid 500); 25 Mar 2024 10:21:33 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/3.0.1) with ESMTPSA; Mon, 25 Mar 2024 11:21:32 +0100
From: Justus Winter <justus@sequoia-pgp.org>
To: Falko Strenzke <falko.strenzke@mtg.de>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
Cc: Aron Wussler <aron@wussler.it>, openpgp@ietf.org
In-Reply-To: <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de>
References: <87a5mqi0xi.fsf@europ.lan> <23B46D65-EAF7-43D0-A5F1-04D28B698559@andrewg.com> <87sf0h32d3.fsf@fifthhorseman.net> <cd9a18d9-2d13-48d2-98e0-2ae268f68215@mtg.de>
Date: Mon, 25 Mar 2024 11:21:31 +0100
Message-ID: <87y1a6has4.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: ----
X-Rspamd-Report: BAYES_HAM(-2.894008) SIGNED_PGP(-2) MIME_GOOD(-0.2) R_MISSING_CHARSET(0.5)
X-Rspamd-Score: -4.594008
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sequoia-pgp.org; s=uberspace; h=from:to:cc:subject:date; bh=BH5xFZy0cFCysNJOr2oZSHxSVdJVUHcWZDGaciz3X7s=; b=bHrpW6jua8wkmTUbDOJ4tunyWHBUJs1nPrUpEXm6IZUmZIJx0g+6TDmJYCQPlDgEwlvp1TTxLz XgTdOfIbNkBscx5MCIM6IHtl/jH39TIgU443yvVXIiQMkNzQWI8rCsPtgeXj+va71KAYlntVTJzz v0V3HSZzekZFEP5c0lMRoBJYRAqKG0GMesyUqTgaY5cinO6889rUcpaZr1k/YOlZT9t/9yrWPP3D CN07XlnBHkak2KBXo7c1jmy1xR1glmfr2qTA6ZXiOFkiqEi1joYhc4tVcod3PByNisvQfrHGuNDw 4pn+wSVHIdzPqH4PuS1ZuvbazC3k/lHn6NU0XWR4JGi5t8m0jZ7PgkE9Ts0gvIsbsKziPAEmQPO5 8nBPNYtVJKMSWb8EUJCI0oFAFRvPRtgrPGGokCLfj0nqytq3tTspo01b/lzGm7YSxXimlGWGZ9XB /h4AsaWUcuAC/lnNIWQZHdmeuGvARYRB9E2Cf+5G3dPP8RuUDCnELxuH7ey2QkuFHBWIj63pzHFp ckr6ghYPS0AGfM7YLduslzKvf55RR1z8XI7tWjXUhVQl5a1G/1i3lFP5DVqlqYMcjkOqyw5IfHpT Kdu3VQ3D35hqRQGBhg5Y9hYSCawvGkBhmD1EygiO2T8nOJx2+R3SMILd0HJx0R1k1gp1BuKfNF8E M=
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/k9aCU11jPP1gjzVKp79-kqNtTSg>
Subject: Re: [openpgp] To bind or not to bind
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 10:21:41 -0000
Hi Falko :) Falko Strenzke <falko.strenzke@mtg.de> writes: > Am 23.03.24 um 07:10 schrieb Daniel Kahn Gillmor: >>> pgpy is fairly niche. >> pgpy upstream has also been unresponsive for nearly a year, sadly. the >> branch i worked on for the crypto-refresh probably has the most active >> maintenance, and i haven't even tried to release it :( I should probably >> consider releasing it myself (maybe under another python module name) at >> some point if upstream remains unresponsive. I don't really want to >> shoulder the full maintainer burden though. > > Based on what you write and what I can see in PGPy's GitHub repository, > it seems PGPy has to be considered as unmaintained. In that case it > should not be considered in the interop tests. We're trying to understand how the existing v4 ecosystem will react to introducing an as-of-yet unknown algorithms with as-of-yet unseen artifact encodings to v4 certificates. Whether or not an implementation is actively maintained seems to be irrelevant to that question. Or, one could even argue that not inadvertently breaking unmaintained implementations is more important. Along those lines, Aron has been arguing that gopenpgp reacting badly to unknown algorithms isn't that bad because gopenpgp is actively maintained. Best, Justus
- [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Daniel Huigens
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Daniel Kahn Gillmor
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Kai Engert
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Johannes Roth
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Nickolay Olshevsky
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Werner Koch
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Justus Winter
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Bart Butler
- Re: [openpgp] To bind or not to bind Michael Richardson
- Re: [openpgp] To bind or not to bind Falko Strenzke
- Re: [openpgp] To bind or not to bind Andrew Gallagher
- Re: [openpgp] To bind or not to bind Aron Wussler
- Re: [openpgp] To bind or not to bind Heiko Schäfer
- Re: [openpgp] To bind or not to bind Bart Butler