Re: [openpgp] Intent to deprecate: Insecure primitives

Christoph Anton Mitterer <calestyo@scientia.net> Mon, 23 March 2015 19:25 UTC

On Tue, 2015-03-17 at 11:04 -0400, Derek Atkins wrote: 
> Show me an MUA that does this, please?  None of the OpenPGP-aware MUAs
> I've ever used have this feature, as far as I know.  I suppose I could
> go out of my way to replace the encrypted email with a
> re-encrypted/plaintext email.
> 
> But frankly I'd like my encryption software to just maintain the ability
> to decrypt it later.

While I don't think that implementations should throw away old algos
(even if insecure) - they should just no longer use them for creating new
content, and should only decrypt/verify signatures with appropriate
warnings, I'd say that the question of long term storage of
encrypted/signed content (e.g. mails) is (and should be) beyond the
scope of OpenPGP.
That being said, the WG shouldn't alter the decisions it makes based on
that question, but rather only on security considerations.


As for e.g. long term email storage:
- if you just store them as received over the wire (i.e.
encrypted/signed) they may very well become insecure over time, so the
original purpose of confidentiality and authenticity is no longer
guaranteed (by leaving them with the old encryption/signature).

- constantly re-encrypting them seems to be not feasible, and you cannot
re-sign mails from someone else.

- IMHO the appropriate way would be for a MUA to record that the mail
was sent encrypted to you and by whom of your contacts it was signed (if
any of that was the case) - for later reference.
And any further protection of the content should be handled by disk
encryption.


Cheers,
Chris.