Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

"brian m. carlson" <sandals@crustytoothpaste.net> Sun, 02 July 2017 23:25 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8637F12F280 for <openpgp@ietfa.amsl.com>; Sun, 2 Jul 2017 16:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qTw7TsfSdAMr for <openpgp@ietfa.amsl.com>; Sun, 2 Jul 2017 16:25:49 -0700 (PDT)
Received: from castro.crustytoothpaste.net (sandals-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 093661200FC for <openpgp@ietf.org>; Sun, 2 Jul 2017 16:25:49 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id D569F280AD for <openpgp@ietf.org>; Sun, 2 Jul 2017 23:25:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1499037946; bh=ERgGZLZC9XYEE6hb4T2CfaH6uJhQCtbPdvGyN8asKgw=; h=Date:From:To:Subject:References:In-Reply-To:From; b=qFI/Lby+RiSzJCIzLKKc6z2fTiQX/5BA4I1L96aXTS7AlT6BmgXrhXmbABMR79P8Z dna0Gky8o/XRzE86n8a5Jt9WAnAcqANiXoY0QNqxnmAMUydrCWsUWwqUWdfvtNPe98 nSfcx9dOrHgLH9EW3DrSdHknc8kEH9iZYUoLxAzB58alWXFbOt9yfMZc/rLzXM6Ofz Ws8AbE3Lfy33mClGCvJ/ZJ0N3YFBfcAJbsH/zQ0UZqYQf/XKLOesIc7LNquhuWjH2x 2mOU+8UdiRmokeyw+TtaWLjN+fiwOcS2n2XmxuwG6QkEcxJcY1U7ypzYboUIvVdSO9 SQ/FG5hOAh9bnUUTDUa/kG9JOmnGwPZHJ0/a9jXGcXoUi+1m+Nxolu057BSpT0sB1v gmN2X3wBnAeIE0QKCmo51ufMLwavskSTDqK9KzHfniU1GdP6uSSvb9BdwAiIebRkSM GAn8bYUX/hSOq0EzWUI0nayDLgKEi2jv1yYX34oafNgXF429miP
Date: Sun, 02 Jul 2017 23:25:42 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="dxndqqasn34z6yvo"
Content-Disposition: inline
In-Reply-To: <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kooQuYs0lnSsbAib7U7pnC74_w0>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jul 2017 23:25:50 -0000

On Sun, Jul 02, 2017 at 04:49:11PM -0400, Robert J. Hansen wrote:
> > This working group has an impressive record of inaction, evidenced by
> > both the impending expiration of the group's only document and the
> > version number's being only -01.  There's been no work done here since I
> > came into the chair position a little over a year ago.
> 
> I was also disheartened to see that SHA-1 is still baked into this draft
> in a few places.
> 
> I personally don't feel that designing the next generation of RFC is
> within my technical skillset -- I can make informed criticism, but
> that's a little different from saying "trust me, I know what I'm doing."
>  But I've been waiting patiently to see drafts, and for years I've been
> telling people asking about SHA-1 deprecation "wait and let the Working
> Group do its job."
> 
> I am absolutely sure there is interest in an RFC which gets rid of all
> SHA-1 dependencies; however, the people who are interested are not
> necessarily the ones who can draft a dependency-free RFC.

I'm happy to try to contribute more in an effort to get the WG where it
needs to be.  However, I think the WG as a whole needs to provide more
input and response to ideas and drafts, including useful text that can
be incorporated by the editors, so that we can move forward at a
reasonable rate.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204