ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-16 03:59:31
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 03/16/2015 05:05 AM, Daniel Kahn Gillmor wrote:
Hi David--



- Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish,
Twofish - Asymmetric algorithms, generally: RSA-ES, DSA.

Are you referring to Public Key Algorithms specifically here?  in 
particular, this table:

https://tools.ietf.org/html/rfc4880#section-9.1

If so, RSA-ES (pubkey algorithm 1) is very widely used, even for
keys that are only marked for one usage (signatures or encryption).
In fact, i don't think there are many RSA keys labeled RSA-E (algo
2) and RSA-S (algo 3) at all.  Why treat RSA-ES separately for
deprecation?

On a relatively up-to-date keyring with a couple-thousand OpenPGP 
certificates, i did this check (the first column is the count, the 
second column is the algorithm ID):

Just to add a bit more data to this, on a keyserver (a hockeypuck
instance not supporting ECC) the corresponding figures (primary +
subkey) for 3882360 primary keys and 3612096 subkeys shows.

- -----------+---------
        16 | 2658039
         1 | 2185612
         3 |     627
        17 | 2649388
         0 |     196
         2 |     594

(this is not adjusting for revoked / expired keys etc)

On an older copy (around January 2014, this time dumped from SKS
supporting ECC) with 3532268 primary keys and 3288749 subkeys, but it
shows a bit of the trend

+------+----------+
| algo | COUNT(1) |
+------+----------+
|    0 |      352 |
|    1 |  1552104 |
|    2 |      341 |
|    3 |      371 |
|   16 |  2636715 |
|   17 |  2629639 |
|   18 |       37 |
|   19 |       44 |
|   20 |     1380 |
|  101 |        2 |
|  103 |       32 |
+------+----------+
11 rows in set (3.76 sec).

If interesting I can always do a refreshed dump from SKS also adding
support for Ed25519 (experimental), if tracking the development of
number of keys here is of interest.


- Asymmetric algorithms, unless > 3070 bit key length: RSA-S,
RSA-E, ELG-E.

How did you choose this cutoff?  I'm happy to see a high bar
personally, but this is likely to invalidate many 2048-bit keys
that people have been generating with (e.g.) the GnuPG defaults
today.  Do you think that GnuPG should change its defaults to the
higher cutoff?

And if believing so, what rationale is behind this?

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Nosce te ipsum!
Know thyself!
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVBptOAAoJEP7VAChXwav6VN0H/iGwKBSh1w47jaOf9pP9uEKL
dV1Z4uHSjTTAMZAqWHiX6coRNtBtBzh00RqhFDVhsVm516Dsu0rcWwAQrg17r34w
AMgxS/f6DY+TKQFM9jdrZVov2XKkLlOuqSDNlGLumy9X2k9I7HOg0FNt4yHuVLGJ
glGPsGYRl9qXdq9e9aVPhzsYFNEkxukhrujgrAWRWm/8WJ1Wj7kO4EZ2cGK2RWzJ
g4d+2kxqeuCS0U+i+Pn3S1RqntiEf1KGGLQPhSxAOgK6YYIUJm6k2PMOC+j75qph
br4PPRysxAWC+c7+LdCzJH7cdjbRkGQ4ertbt9zRZ6Pksk+iTop7cHjWJ1f0094=
=N/um
-----END PGP SIGNATURE-----

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>