Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-18 02:22:38
I'm not sure this approach scales.

More importantly, I'm not sure it's common practice.  The IETF is at its
best when it is codifying existing practice to promote interop, not when
it's trying to radically change practice with fairly onerous new

Perhaps if anyone desires to modify practice, they should start by
promoting their new approach so that multiple software platforms and the
reference implementation support it.  Perhaps modifications to
open-source mail clients to support a distinction between "wire format"
and "data at rest" and an encryption rollover format would be useful.

On 16/03/2015 10:35, Bill Frantz wrote:
On 3/16/15 at 6:51 AM, warlord(_at_)MIT(_dot_)EDU (Derek Atkins) wrote:

Oh, you expected me to decrypt/re-encrypt my encrypted email as I got

For many uses, decrypting from the wire format and re-encrypting in
the "data at rest" security format makes excellent sense. Having only
one encryption scheme for long-term storage allows easy (relatively)
upgrade and helps to ensure that the data is still accessible, i.e.
the decryption still works. I probably have a bunch of old PGP
encrypted email I can't read anymore because I don't have the secret
key, or its passphrase. If that mail had been re-encrypted in a format
that I decrypt every day, I would still be able to read the mail.
Encryption that isn't regularly exercised gets rusty.

Cheers - Bill

Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 Englewood Ave
                   |                              | Los Gatos, CA 95032

openpgp mailing list

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
