Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"brian m. carlson" <> Sun, 02 July 2017 23:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8637F12F280 for <>; Sun, 2 Jul 2017 16:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (3072-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qTw7TsfSdAMr for <>; Sun, 2 Jul 2017 16:25:49 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 093661200FC for <>; Sun, 2 Jul 2017 16:25:49 -0700 (PDT)
Received: from (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id D569F280AD for <>; Sun, 2 Jul 2017 23:25:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=default; t=1499037946; bh=ERgGZLZC9XYEE6hb4T2CfaH6uJhQCtbPdvGyN8asKgw=; h=Date:From:To:Subject:References:In-Reply-To:From; b=qFI/Lby+RiSzJCIzLKKc6z2fTiQX/5BA4I1L96aXTS7AlT6BmgXrhXmbABMR79P8Z dna0Gky8o/XRzE86n8a5Jt9WAnAcqANiXoY0QNqxnmAMUydrCWsUWwqUWdfvtNPe98 nSfcx9dOrHgLH9EW3DrSdHknc8kEH9iZYUoLxAzB58alWXFbOt9yfMZc/rLzXM6Ofz Ws8AbE3Lfy33mClGCvJ/ZJ0N3YFBfcAJbsH/zQ0UZqYQf/XKLOesIc7LNquhuWjH2x 2mOU+8UdiRmokeyw+TtaWLjN+fiwOcS2n2XmxuwG6QkEcxJcY1U7ypzYboUIvVdSO9 SQ/FG5hOAh9bnUUTDUa/kG9JOmnGwPZHJ0/a9jXGcXoUi+1m+Nxolu057BSpT0sB1v gmN2X3wBnAeIE0QKCmo51ufMLwavskSTDqK9KzHfniU1GdP6uSSvb9BdwAiIebRkSM GAn8bYUX/hSOq0EzWUI0nayDLgKEi2jv1yYX34oafNgXF429miP
Date: Sun, 2 Jul 2017 23:25:42 +0000
From: "brian m. carlson" <>
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dxndqqasn34z6yvo"
Content-Disposition: inline
In-Reply-To: <>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 02 Jul 2017 23:25:50 -0000

On Sun, Jul 02, 2017 at 04:49:11PM -0400, Robert J. Hansen wrote:
> > This working group has an impressive record of inaction, evidenced by
> > both the impending expiration of the group's only document and the
> > version number's being only -01.  There's been no work done here since I
> > came into the chair position a little over a year ago.
> I was also disheartened to see that SHA-1 is still baked into this draft
> in a few places.
> I personally don't feel that designing the next generation of RFC is
> within my technical skillset -- I can make informed criticism, but
> that's a little different from saying "trust me, I know what I'm doing."
>  But I've been waiting patiently to see drafts, and for years I've been
> telling people asking about SHA-1 deprecation "wait and let the Working
> Group do its job."
> I am absolutely sure there is interest in an RFC which gets rid of all
> SHA-1 dependencies; however, the people who are interested are not
> necessarily the ones who can draft a dependency-free RFC.

I'm happy to try to contribute more in an effort to get the WG where it
needs to be.  However, I think the WG as a whole needs to provide more
input and response to ideas and drafts, including useful text that can
be incorporated by the editors, so that we can move forward at a
reasonable rate.
brian m. carlson / brian with sandals: Houston, Texas, US | My opinion only