Re: [openpgp] Intent to deprecate: Insecure primitives

Falcon Darkstar Momot <falcon@iridiumlinux.org> Sat, 14 March 2015 01:30 UTC

Message-ID: <55038F3C.40207@iridiumlinux.org>
Date: Fri, 13 Mar 2015 18:30:36 -0700
From: Falcon Darkstar Momot <falcon@iridiumlinux.org>
To: openpgp@ietf.org
References: <CAA7UWsWBoXpZ2q=Lv151R593v3u=SPNif39ySX_-8=fqMniiVg@mail.gmail.com>
In-Reply-To: <CAA7UWsWBoXpZ2q=Lv151R593v3u=SPNif39ySX_-8=fqMniiVg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/t7diU_gBh7StXf2GmN7Ra_W2nf4>

Yes, I can get behind that.  Make it so!  Users should be presented with
secure defaults and not given the opportunity to unknowingly decrease
security.  Deprecating lower-security but equivalently performant
algorithms is especially commendable.

That said, archived encrypted data may require decryption support well
into the future.  OpenPGP-encrypted data is not ephemeral like
TLS-encrypted data.

--Falcon Darkstar Momot
--Shadytel

On 13/03/2015 18:22, David Leon Gil wrote:
> First, the fait accompli:
>
> 1. Yahoo and Google have both already deprecated and removed support
> for the following packet type specified for use with OpenPGPv4:
>
>     Tag 9 (symmetrically encrypted) packets
>
> These packets provide unauthenticated encryption and -- if supported
> -- can be used in a downgrade attack on senders who only use SEIPD
> packets. See https://github.com/coruus/cooperpair/tree/master/encrux
> for details.
>
> 2. Yahoo and GnuPG have both already deprecated V3 public keys for any
> use. We recommend that other implementations do the same.
>
> --
>
> Second, the near future:
>
> Yahoo has deprecated, and intends to disable support for all uses of,
> the following primitives and packet types specified for use with
> OpenPGP v4:
>
> - Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish, Twofish
> - Asymmetric algorithms, generally: RSA-ES, DSA.
> - Asymmetric algorithms, unless > 3070 bit key length: RSA-S, RSA-E, ELG-E.
> - Compression algorithms: ZLIB. (It provides no benefits over DEFLATE,
> and is more malleable.)
> - Hash algorithms: MD5, SHA-1, RIPEMD160, SHA-2-224.
>
> We do not, at present, support any of the CAMELLIA algorithms or
> BZIP2. It is unlikely that we will do so in future.
>
> At present, we anticipate removing support for these primitives no
> later than May 1, 2015.
>