Re: [openpgp] Intent to deprecate: Insecure primitives
Falcon Darkstar Momot <falcon@iridiumlinux.org> Sat, 14 March 2015 01:30 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/t7diU_gBh7StXf2GmN7Ra_W2nf4>
Yes, I can get behind that. Make it so!

Users should be presented with secure defaults and not given the opportunity to unknowingly decrease security. Deprecating lower-security but equivalently performant algorithms is especially commendable.

That said, archived encrypted data may require decryption support well into the future. OpenPGP-encrypted data is not ephemeral like TLS-encrypted data.

--Falcon Darkstar Momot
--Shadytel

On 13/03/2015 18:22, David Leon Gil wrote:
> First, the fait accompli:
>
> 1. Yahoo and Google have both already deprecated and removed support
> for the following packet type specified for use with OpenPGPv4:
>
> Tag 9 (symmetrically encrypted) packets
>
> These packets provide unauthenticated encryption and -- if supported
> -- can be used in a downgrade attack on senders who only use SEIPD
> packets. See https://github.com/coruus/cooperpair/tree/master/encrux
> for details.
>
> 2. Yahoo and GnuPG have both already deprecated V3 public keys for any
> use. We recommend that other implementations do the same.
>
> --
>
> Second, the near future:
>
> Yahoo has deprecated, and intends to disable support for all uses, of
> the following primitives and packet types specified for use with
> OpenPGP v4:
>
> - Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish, Twofish
> - Asymmetric algorithms, generally: RSA-ES, DSA.
> - Asymmetric algorithms, unless > 3070 bit key length: RSA-S, RSA-E, ELG-E.
> - Compression algorithms: ZLIB. (It provides no benefits over DEFLATE,
> and is more malleable.)
> - Hash algorithms: MD5, SHA-1, RIPEMD160, SHA-2-224.
>
> We do not, at present, support any of the CAMELLIA algorithms or
> BZIP2. It is unlikely that we will do so in future.
>
> At present, we anticipate removing support for these primitives no
> later than May 1, 2015.
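An added example, not part of the message above or of any implementation named in the thread: a receiver-side check that walks the top-level OpenPGP packet headers (RFC 4880 section 4.2, old and new format) and reports Tag 9 packets and symmetric-key session key packets that name one of the listed ciphers. The names `read_packets` and `audit` are hypothetical, and the sample byte strings are constructed.

```python
# Added example. Algorithm IDs are RFC 4880 values; GOOD and BAD are constructed samples.
DEPRECATED_SYM = {1: "IDEA", 2: "TDES", 3: "CAST5", 4: "Blowfish", 10: "Twofish"}
GOOD = bytes([0xC3, 4, 4, 9, 0, 8, 0xD2, 5, 1]) + bytes(4)  # SKESK/AES-256, then Tag 18
BAD = bytes([0x8C, 4, 4, 3, 0, 2, 0xA4, 4]) + bytes(4)      # SKESK/CAST5, then Tag 9

def read_packets(data):
    """Yield (tag, body) for each top-level packet in an OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                        # new-format header
            tag, body = hdr & 0x3F, b""
            while True:
                o = data[i]; i += 1
                if o < 192:                   # one-octet length
                    n = o
                elif o < 224:                 # two-octet length
                    n = ((o - 192) << 8) + data[i] + 192; i += 1
                elif o == 255:                # five-octet length
                    n = int.from_bytes(data[i:i + 4], "big"); i += 4
                else:                         # partial body chunk, more follow
                    n = 1 << (o & 0x1F)
                body += data[i:i + n]; i += n
                if not 224 <= o < 255:
                    break
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            width = (1, 2, 4, 0)[ltype]       # 0 length octets: body runs to end of input
            n = int.from_bytes(data[i:i + width], "big") if width else len(data) - i
            i += width
            body = data[i:i + n]; i += n
        if i > len(data):
            raise ValueError("truncated packet")
        yield tag, body

def audit(message):
    """Return the policy findings for a message; an empty list means accept."""
    findings = []
    try:
        for tag, body in read_packets(message):
            if tag == 9:
                findings.append("Tag 9: symmetrically encrypted data, no integrity protection")
            elif tag == 3 and len(body) >= 2 and body[1] in DEPRECATED_SYM:
                findings.append("Tag 3: session key cipher " + DEPRECATED_SYM[body[1]])
    except (ValueError, IndexError):
        findings.append("Malformed packet stream")
    return findings
```

Rejecting on the packet tag before any decryption is attempted is what removes the downgrade path described in the quoted message; the archival concern raised in the reply would call for a separate, explicit legacy-decryption mode rather than a relaxed default.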