IETF Logo Mail Archive

[openpgp] Default preferences for the future

Ryru <ryru@addere.ch> Mon, 20 March 2017 22:11 UTC

Return-Path: <ryru@addere.ch>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678F0129404 for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 15:11:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3d9cT-Gaxx4A for <openpgp@ietfa.amsl.com>; Mon, 20 Mar 2017 15:11:06 -0700 (PDT)
Received: from dohle.xiala.net (dohle.xiala.net [77.109.148.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 084DA1294A5 for <openpgp@ietf.org>; Mon, 20 Mar 2017 15:11:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by dohle.xiala.net (Postfix) with ESMTP id 32EA5121175 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:03 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at dohle.xiala.net
Received: from dohle.xiala.net ([127.0.0.1]) by localhost (dohle.xiala.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GELWQtw7D8e7 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:02 +0100 (CET)
Received: from [192.168.0.17] (unknown [31.10.147.249]) by dohle.xiala.net (Postfix) with ESMTPSA id A47F4121115 for <openpgp@ietf.org>; Mon, 20 Mar 2017 23:11:00 +0100 (CET)
To: openpgp@ietf.org
From: Ryru <ryru@addere.ch>
X-Enigmail-Draft-Status: N1110
Message-ID: <3b89c96a-0bb6-cd09-cbf7-1f9e26f04bd6@addere.ch>
Date: Mon, 20 Mar 2017 23:11:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/miwvVQT5Q7DtX646--QQOoGzeYM>
Subject: [openpgp] Default preferences for the future
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 22:13:11 -0000

Hi list,

For RFC4880bis[0] in section 14.2. {13.2.} it's planned to stick with
TripleDES as least common denominator preference for a symmetric
algorithm. I suggest to switch to AES128, AES192 or even AES256 as least
common denominator preference.

These are my thoughts:
  * AES is a good and more modern alternative to TripleDES
  * AES has wide HW support (better performance)
  * This RFC shall last for a couple of years, a reasonable algorithm
and key length should be defined

I'm aware of Werner Kochs suggestion for deprecate legacy hash
algorithms[1]. In the current RFC4880bis[0] section 14.3.2 {13.3.2}
still mentions SHA1 as a MUST-implementation as well as an default
hashing preference. I suggest to deprecate SHA1 and remove it as a
default preference and switch to SHA256 or even SHA512.

These are my thoughts:
  * SHA1 is broken
  * This RFC shall last for a couple of years, a reasonable algorithm
should be defined

I also broached this topic at the GnuPG mailing list[2].

Best regards,
Pascal

[0] https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-01
[1] https://www.ietf.org/mail-archive/web/openpgp/current/msg08807.html
[2] https://lists.gnupg.org/pipermail/gnupg-users/2017-March/057882.html

v2.23.0 | Report a Bug | By Email