Re: [openpgp] Intent to deprecate: Insecure primitives
Ben McGinnes <ben@adversary.org> Sat, 11 April 2015 19:45 UTC
Return-Path: <ben@adversary.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73E591B2A95 for <openpgp@ietfa.amsl.com>; Sat, 11 Apr 2015 12:45:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Level:
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id khBcu4wrLUAs for <openpgp@ietfa.amsl.com>; Sat, 11 Apr 2015 12:45:54 -0700 (PDT)
Received: from seditious.adversary.org (seditious.adversary.org [59.167.194.34]) by ietfa.amsl.com (Postfix) with ESMTP id 9BCAC1B2AC5 for <openpgp@ietf.org>; Sat, 11 Apr 2015 12:45:53 -0700 (PDT)
Received: from localhost (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id 4961711C173E for <openpgp@ietf.org>; Sun, 12 Apr 2015 05:45:52 +1000 (EST)
X-Virus-Scanned: amavisd-new at adversary.org
Received: from seditious.adversary.org ([127.0.0.1]) by localhost (seditious.adversary.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 7y1yv5aDc6np for <openpgp@ietf.org>; Sun, 12 Apr 2015 05:45:45 +1000 (EST)
Received: from nefarious.adversary.org (seditious.adversary.org [127.0.0.1]) by seditious.adversary.org (Postfix) with ESMTP id B2E5C11C174B for <openpgp@ietf.org>; Sun, 12 Apr 2015 05:45:45 +1000 (EST)
Message-ID: <552979DE.1090106@adversary.org>
Date: Sun, 12 Apr 2015 05:45:34 +1000
From: Ben McGinnes <ben@adversary.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: openpgp@ietf.org
References: <r422Ps-1075i-0DF0A0ED5D364ECAABA63F541D9C6A16@Williams-MacBook-Pro.local> <sjmmw3bk6lt.fsf@securerf.ihtfp.org> <1427138741.10191.48.camel@scientia.net> <CAA7UWsWNWoj_5tv=TKnQaFXvpGqJgX+jcZyT1EAdJ=tAM10qGg@mail.gmail.com> <1428518188.5137.61.camel@scientia.net>
In-Reply-To: <1428518188.5137.61.camel@scientia.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Gq7DMO9EQjSV0UrEP81G0GtGf8qoGu25A"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/rqrlwYsgtJ4esfPV3IcI5e7hhPs>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2015 19:45:55 -0000
On 9/04/2015 4:36 am, Christoph Anton Mitterer wrote: > On Wed, 2015-04-08 at 15:32 +0000, David Leon Gil wrote: >> Brief update on plans for deprecation: The tracking issue is at >> https://github.com/yahoo/end-to-end/issues/31 >> >> Please feel free to open another issue if you have specific >> objections. I will either be convinced by your arguments, and change >> the plan, or explain why I don't. > > Look, as I've pointed out previously, I personally think that crypto, > done as a web app is inherently untrustworthy. > > Maybe I just got something wrong, but AFAIU the idea of "e2e" projects > like your's is to add e2e crypto into your webapps, e.g. via javascript. > Thus the software doing crypto is each time downloaded again from the > server by the client, right? > So ultimately control is again fully at the vendor (at any time he could > send other code and no one would notice), and fully dependent on a > working https (which is as we should all know by now inherently insecure > due to the issues of the CA system). Yes, that's precisely the case and in the OpenPGP world we've already seen precisely this situation occur with Hushmail. IIRC it was at the insistence of the FBI that they replaced bits of their code in order to harvest passphrases and access messages. Even with private keys on the user's system it still wouldn't take too much more to compromise the system given enough pressure from a third party (i.e. government) source. > And even more important, none of the big companies which add that IMHO > at best questionable web-based e2e crypto to their services, should > expect that this would make them represent the majority of OpenPGP users > and thus would give them a strong voice in decisions. > Just because e.g. google would automatically enable questionable e2e > crypto for millions of their gmail users, doesn't mean that one as a > real "legitimate" OpenPGP user base there. Damn straight. I note, for example, that my key would be arbitrarily not supported by the proposed model simply for including an ELG-E subkey with the RSA master key for no apparent reason. Well, presumably the reason is Yahoo! doesn't want to pay people to write a solid enough implementation that they can actually use without breaking some kind of license. I suspect the same is true with regards to TWOFISH since, even though THREEFISH exists, there's been no indication that it is broken or ought to be deprecated. > For all the above reasons, I personally feel, that it's not appropriate > here at the OpenPGP WG list, to discuss single unilateral decisions made > by an OpenPGP implementation[1]. > > If one says "hey, let's discuss whether we should deprecate twofish in > OpenPGP" that's totally fine,... but informing the standardisation body > "hey we drop now support for x, y and z" with an implicit "and since we > represent n users, you better follow our decision" is not appropriate. Absolutely. Regards, Ben
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Wyllys Ingersoll
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Farrell
- Re: [openpgp] Intent to deprecate: Insecure primi… Kristian Fiskerstrand
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… vedaal
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Stephen Paul Weber
- Re: [openpgp] Intent to deprecate: Insecure primi… David Shaw
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Ryan Carboni
- Re: [openpgp] Intent to deprecate: Insecure primi… Jon Callas
- Re: [openpgp] Intent to deprecate: Insecure primi… Peter Gutmann
- Re: [openpgp] Intent to deprecate: Insecure primi… Werner Koch
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Daniel Kahn Gillmor
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Falcon Darkstar Momot
- Re: [openpgp] Intent to deprecate: Insecure primi… Phillip Hallam-Baker
- Re: [openpgp] Intent to deprecate: Insecure primi… Bill Frantz
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Derek Atkins
- Re: [openpgp] Intent to deprecate: Insecure primi… Andrew Skretvedt
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… David Leon Gil
- Re: [openpgp] Intent to deprecate: Insecure primi… Christoph Anton Mitterer
- Re: [openpgp] Intent to deprecate: Insecure primi… ianG
- Re: [openpgp] Intent to deprecate: Insecure primi… Ben McGinnes
- Re: [openpgp] Intent to deprecate: Insecure primi… Tom Ritter
- [openpgp] Intent to deprecate: Insecure primitives David Leon Gil