Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-13 23:55:25
On Fri, Mar 13, 2015 at 6:30 PM, Falcon Darkstar Momot
<falcon(_at_)iridiumlinux(_dot_)org> wrote:
> Yes, I can get behind that.  Make it so!  Users should be presented with
> secure defaults and not given the opportunity to unknowingly decrease
> security.  Deprecating lower-security but equivalently performant
> algorithms is especially commendable.
>
> That said, archived encrypted data may require decryption support well
> into the future.  OpenPGP-encrypted data is not ephemeral like
> TLS-encrypted data.

I agree: But note that it's possible to run, for example, programs
written for the Symbolics Lisp machine (c. 1982) on your MacBook Pro.

And older versions of GnuPG are certainly still buildable! (As, I
anticipate, older versions of any extension will be.)

W.r.t. long-term storage of messages, however, I tend to think that
storing them in their wire format is exactly the wrong thing to do. If
you don't discard wire-format messages, you don't get PFS, even using
ephemeral-static ECDH.

