ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-18 02:22:38
from [Falcon Darkstar Momot] [Permanent Link] 
I'm not sure this approach scales.

More importantly, I'm not sure it's common practice.  The IETF is at its
best when it is codifying existing practice to promote interop, not when
it's trying to radically change practice with fairly onerous new
recommendations.

Perhaps if anyone desires to modify practice, they should start by
promoting their new approach so that multiple software platforms and the
reference implementation support it.  Perhaps modifications to
open-source mail clients to support a distinction between "wire format"
and "data at rest" and an encryption rollover format would be useful.

On 16/03/2015 10:35, Bill Frantz wrote:

On 3/16/15 at 6:51 AM, warlord(_at_)MIT(_dot_)EDU (Derek Atkins) wrote:


Oh, you expected me to decrypt/re-encrypt my encrypted email as I got
it???


For many uses, decrypting from the wire format and re-encrypting in
the "data at rest" security format makes excellent sense. Having only
one encryption scheme for long-term storage allows easy (relatively)
upgrade and helps to ensure that the data is still accessible, i.e.
the decryption still works. I probably have a bunch of old PGP
encrypted email I can't read anymore because I don't have the secret
key, or its passphrase. If that mail had been re-encrypted in a format
that I decrypt every day, I would still be able to read the mail.
Encryption that isn't regularly exercised gets rusty.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 Englewood Ave
www.pwpconsult.com |                              | Los Gatos, CA 95032

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] "OpenPGP Simple", Peter Gutmann
Next by Date:  Re: [openpgp] Intent to deprecate: Insecure primitives, Falcon Darkstar Momot
Previous by Thread:  Re: [openpgp] Intent to deprecate: Insecure primitives, Christoph Anton Mitterer
Next by Thread:  Re: [openpgp] Intent to deprecate: Insecure primitives, Wyllys Ingersoll
Indexes:  [Date] [Thread] [Top] [All Lists]