ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] How to re-launch the OpenPGP WG

2015-03-16 22:46:52
from [Christoph Anton Mitterer] [Permanent Link] 
On Fri, 2015-03-13 at 08:16 +0100, Werner Koch wrote:

- The WG should consider whether to just bring OpenPGP up to date... or
  whether to completely overhaul or even re-design it.

The please give the thing another name.  Recall the outcry whn I removed
PGP-2 support from 2.1.

Well I guess it happens very often that one has a very loud minority and
a silent majority.
Removing the support was definitely the right thing, especially since
it's still in the other branches.
All these very old keys are likely lather small (and thus weak) and
shouldn't be used therefore anymore.

IMO, security business can't really afford to always comfort those
living in the past and/or not doing their homework.
This model (leaving legacy stuff in for compatibility reasons) blew up
so often recently (RC4, SSL3, the export cipher suites, problematic CBC
mode usage in e.g. SSH)... these things should have been phased out long
ago, instead, people waited for questionable compatibility reasons way
too long until 5 past 12.

Someone who really wants security should have to suffer because of those
who want to keep old systems/alogs/etc., since the later anyway do not
really want security. 



We already have this.  You may either use a plain user ID with signed
attributes to implement this or, better

Well, as I've written before, using the plain UID packets in such ways
should IMHO be given up.


extend the attribute packet,
which is currently only used for photo ids, but designed for what you
want.  You may already start with this using the 100--110 subpacket
types.

Sure, just no one ever specified it, and thus no one every used it that way



Regarding the rest of your mail, I think it is better to postpone a
detailed discussion for now.

Fine,... it's now in the archives for the records =)


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] "OpenPGP Simple", David Shaw
Next by Date:  Re: [openpgp] How to re-launch the OpenPGP WG, Christoph Anton Mitterer
Previous by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, Phillip Hallam-Baker
Next by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, ianG
Indexes:  [Date] [Thread] [Top] [All Lists]