Re: [openpgp] Intent to deprecate: Insecure primitives
Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> Mon, 16 March 2015 08:59 UTC
Message-ID: <55069B5E.6000404@sumptuouscapital.com>
Date: Mon, 16 Mar 2015 09:59:10 +0100
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ssaLZmHSPYLNfkWUcFPVbG-72Ds>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] Intent to deprecate: Insecure primitives

On 03/16/2015 05:05 AM, Daniel Kahn Gillmor wrote:
> Hi David--
>
>>
>> - Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish,
>> Twofish - Asymmetric algorithms, generally: RSA-ES, DSA.
>
> Are you referring to Public Key Algorithms specifically here? in
> particular, this table:
>
> https://tools.ietf.org/html/rfc4880#section-9.1
>
> If so, RSA-ES (pubkey algorithm 1) is very widely used, even for
> keys that are only marked for one usage (signatures or encryption).
> In fact, i don't think there are many RSA keys labeled RSA-E (algo
> 2) and RSA-S (algo 3) at all. Why treat RSA-ES separately for
> deprecation?
>
> On a relatively up-to-date keyring with a couple-thousand OpenPGP
> certificates, i did this check (the first column is the count, the
> second column is the algorithm ID):

Just to add a bit more data to this, on a keyserver (a hockeypuck
instance not supporting ECC) the corresponding figures (primary +
subkey) for 3882360 primary keys and 3612096 subkeys shows.

-----------+---------
        16 | 2658039
         1 | 2185612
         3 |     627
        17 | 2649388
         0 |     196
         2 |     594

(this is not adjusting for revoked / expired keys etc)

On an older copy (around January 2014, this time dumped from SKS
supporting ECC) with 3532268 primary keys and 3288749 subkeys, but it
shows a bit of the trend

+------+----------+
| algo | COUNT(1) |
+------+----------+
|    0 |      352 |
|    1 |  1552104 |
|    2 |      341 |
|    3 |      371 |
|   16 |  2636715 |
|   17 |  2629639 |
|   18 |       37 |
|   19 |       44 |
|   20 |     1380 |
|  101 |        2 |
|  103 |       32 |
+------+----------+
11 rows in set (3.76 sec).

If interesting I can always do a refreshed dump from SKS also adding
support for Ed25519 (experimental), if tracking the development of
number of keys here is of interest.

>> - Asymmetric algorithms, unless > 3070 bit key length: RSA-S,
>> RSA-E, ELG-E.
>
> How did you choose this cutoff? I'm happy to see a high bar
> personally, but this is likely to invalidate many 2048-bit keys
> that people have been generating with (e.g.) the GnuPG defaults
> today. Do you think that GnuPG should change its defaults to the
> higher cutoff?

And if believing so, what rationale is behind this?

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nosce te ipsum!
Know thyself!
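
Added example, not part of the message above or of any participant's tooling: a per-algorithm tally like the ones posted, run over a key listing in the layout printed by gpg --with-colons --list-keys, followed by the keys the quoted proposal would affect. The listing, its key IDs and the function names are constructed for illustration; algorithm IDs follow RFC 4880 section 9.1.

```python
from collections import Counter

# Public-key algorithm IDs from RFC 4880 section 9.1 (those named in the thread).
ALGO_NAMES = {1: "RSA-ES", 2: "RSA-E", 3: "RSA-S", 16: "ELG-E", 17: "DSA"}

# The proposal exactly as quoted in the message above.
ALWAYS_DEPRECATED = {1, 17}   # "Asymmetric algorithms, generally: RSA-ES, DSA"
SIZE_GATED = {2, 3, 16}       # "unless > 3070 bit key length: RSA-S, RSA-E, ELG-E"
CUTOFF_BITS = 3070

# Constructed sample in gpg --with-colons layout:
# field 1 = record type, field 3 = key length, field 4 = algorithm ID, field 5 = key ID.
SAMPLE = """\
tru::1:1426496353:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1400000000:::u:::scESC:
uid:u::::1400000000::0000::Constructed User One <one@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1400000000::::::e:
pub:f:4096:1:BBBBBBBBBBBBBBB1:1410000000:::-:::scESC:
sub:f:4096:16:BBBBBBBBBBBBBBB2:1410000000::::::e:
pub:-:1024:17:CCCCCCCCCCCCCCC1:1100000000:::-:::scESC:
sub:-:2048:16:CCCCCCCCCCCCCCC2:1100000000::::::e:
pub:-:3072:3:DDDDDDDDDDDDDDD1:1420000000:::-:::sc:
"""

def parse_keys(listing):
    """Yield (record_type, algo_id, bits, key_id) for each pub/sub record."""
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 5:
            continue  # uid, tru and other record types carry no key algorithm
        try:
            yield f[0], int(f[3]), int(f[2]), f[4]
        except ValueError:
            continue  # malformed numeric field: skip rather than guess

def tally(listing):
    """Count primary keys and subkeys per algorithm ID."""
    return Counter(algo for _, algo, _, _ in parse_keys(listing))

def affected(listing):
    """Keys the quoted proposal would deprecate, as (key_id, algo_name, bits)."""
    return [(kid, ALGO_NAMES.get(algo, str(algo)), bits)
            for _, algo, bits, kid in parse_keys(listing)
            if algo in ALWAYS_DEPRECATED
            or (algo in SIZE_GATED and bits <= CUTOFF_BITS)]

if __name__ == "__main__":
    for algo, count in tally(SAMPLE).most_common():
        print(f"{count:7d} {algo:3d} {ALGO_NAMES.get(algo, 'other')}")
    for kid, name, bits in affected(SAMPLE):
        print("affected:", kid, name, bits)
```

In the sample, the 4096-bit algorithm 1 key is reported while the 3072-bit algorithm 3 key is not, which is the asymmetry the quoted reply asks about.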