
Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-17 17:12:33
On 3/17/15 at 8:04 AM, warlord(_at_)MIT(_dot_)EDU (Derek Atkins) wrote:

Bill Frantz <frantz(_at_)pwpconsult(_dot_)com> writes:

On 3/16/15 at 6:51 AM, warlord(_at_)MIT(_dot_)EDU (Derek Atkins) wrote:

Oh, you expected me to decrypt/re-encrypt my encrypted email as I got it???

For many uses, decrypting from the wire format and re-encrypting in
the "data at rest" security format makes excellent sense. Having only
one encryption scheme for long-term storage allows easy (relatively)
upgrade and helps to ensure that the data is still accessible,
i.e. the decryption still works. I probably have a bunch of old PGP
encrypted email I can't read anymore because I don't have the secret
key, or its passphrase. If that mail had been re-encrypted in a format
that I decrypt every day, I would still be able to read the
mail. Encryption that isn't regularly exercised gets rusty.

Show me an MUA that does this, please?  None of the OpenPGP-aware MUAs
I've ever used have this feature, as far as I know.  I suppose I could
go out of my way to replace the encrypted email with a
re-encrypted/plaintext email.

I was thinking of the system level disk encryption for the data at rest. It is available for most systems these days.

But frankly I'd like my encryption software to just maintain the ability
to decrypt it later.

Well, the problem isn't the software. It is the user.

Cheers - Bill

Bill Frantz        | I don't have high-speed      | Periwinkle
(408)356-8506      | internet. I have DSL.        | 16345 Englewood Ave
                   |                              | Los Gatos, CA 95032
