[openpgp] Replacing the OpenPGP Encryption Mode is Harmful and Pointless

Bruce Walzer <bwalzer@59.ca> Fri, 15 July 2022 11:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/z5WueaZvUn-n0soWU3XWW1PsXEA>

The article in question:

* https://articles.59.ca/doku.php?id=pgpfan:no_new_ae

This editorial fell out of a series of OpenPGP advocacy articles I wrote. The position:

* The current OpenPGP encryption mode is secure and appropriate and
  should not be replaced.

* The OpenPGP standard should not suggest or attempt to mandate that
  data that is suspected of malicious modification should be withheld
  from any entity. It is better to complete the operation and then
  provide the status.

I realize that this is not at all a mainstream position to take. I am
only posting this here in case it gains any traction. I don't want to
blindside anyone.

Bruce