IETF Logo Mail Archive

Re: [openpgp] Intent to deprecate: Insecure primitives

Andrew Skretvedt <andrew.skretvedt@gmail.com> Sun, 22 March 2015 09:18 UTC

Return-Path: <andrew.skretvedt@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 241811A8793 for <openpgp@ietfa.amsl.com>; Sun, 22 Mar 2015 02:18:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MA3mcJtS5FpG for <openpgp@ietfa.amsl.com>; Sun, 22 Mar 2015 02:18:24 -0700 (PDT)
Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EDF81A876E for <openpgp@ietf.org>; Sun, 22 Mar 2015 02:18:24 -0700 (PDT)
Received: by iedm5 with SMTP id m5so17216436ied.3 for <openpgp@ietf.org>; Sun, 22 Mar 2015 02:18:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:openpgp:content-type:content-transfer-encoding; bh=40Z09NvvJAw37jeh1MyTMx/FxKkVNCRQz/O4LqOGHHw=; b=x/R+zaphPuC5bVxEn1R+w6p9F+zqUCN8M69nZPWxprATnELn/Sb5Io4ztyRO8g44RO vaGEuVJlyswgaQCPfERARvfDqj7P5oFkkcPfSazzr8EHQWjK/Xl8s60fBZUAFzrHoP3I 5wtyafR2TEJilpisPOhwh6lIcTcarTddpHKIpstvN9KkXjd6pGB/XDlHk42PW3/vm8vj UM5MQNO/oqjvo0vJmVPiGjBhgv0VPEg1xpEzDAh0dQkGi5j38pXT8jT3wsIelCEpKS80 5k/GeMqa/2CGsyD97XxcJlv04H2GQWRykH6uMbdMeL8G61s+KSWTvwi+06d6DgKHPTWb NYpg==
X-Received: by 10.50.9.97 with SMTP id y1mr7456210iga.34.1427015903924; Sun, 22 Mar 2015 02:18:23 -0700 (PDT)
Received: from [192.168.37.5] (72-24-92-16.cpe.cableone.net. [72.24.92.16]) by mx.google.com with ESMTPSA id g76sm7359431iod.8.2015.03.22.02.18.22 for <openpgp@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 22 Mar 2015 02:18:23 -0700 (PDT)
Message-ID: <550E88DD.3050908@gmail.com>
Date: Sun, 22 Mar 2015 09:18:21 +0000
From: Andrew Skretvedt <andrew.skretvedt@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <r422Ps-1075i-0DAFD7F0DE904C66B37F279A05E0CB4A@Williams-MacBook-Pro.local> <sjm8uerhchh.fsf@securerf.ihtfp.org>
In-Reply-To: <sjm8uerhchh.fsf@securerf.ihtfp.org>
OpenPGP: id=6C976BB3; url=http://andrewskretvedt.blogspot.com/p/my-pgp-public-key.html
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/mA-giOOEVdNJV-CVpbsOUOAFvZI>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 09:18:26 -0000

I am a curious onlooker with no operational affiliation to the business 
of this list (and normally silent), with an observation/question at this 
point in this thread:

Is it considered best practice now to encrypt, then sign? I think I 
heard somewhere that SSL/TLS does it the other-way-round and has thereby 
innocently created certain problems. GnuPG allows these operations to be 
combined on the command line, and then I don't know in what order they 
actually occur.

If you receive an encrypted and signed message, and best practice would 
be to, in reasonable time, decrypt from wire-format and re-encrypt to 
local format for PFS (which seems to me a really sound policy, given 
modern experiences, and might be just as easy as leaving it to your 
full-disk-encryption system where you store your mail), might you lose 
the ability to provably authenticate the messages in your archive? I can 
think of situations where one would not want to lose this ability (e.g. 
some sort of dispute or legal proceeding).

Perhaps if they get signed, then encrypted, this problem goes away. But 
then why /should/ one do these two operations in one order in the e-mail 
context, but perhaps the opposite order in others? (Perhaps I betray my 
ignorance at this point.)

v2.23.0 | Report a Bug | By Email