On Wednesday, 1 April 2015, Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
wrote:
Hi all,
So I think the volume and content of discussions over the
last few weeks clearly indicates a desire to do something
about openpgp, but that discussion doesn't seem to be closing
in on exactly what to do, in the IETF context. It'd help me
to try figure that out if folks would respond to this saying
which of the options below you think can make sense. Picking
more than one is fine, but if so, please say which you prefer.
Annotating/explaining your choice(s) is very welcome but
please try resist the temptation to change this into a chat
about a different set of options:-
[snip]
FWIIW I favour option 2. That is to say, making the necessary changes to
the cypher list etc and the packet format that allow us to move away from
obsolete and deprecated algorithms -- especially moving to something better
than SHA-1 in those places where that is currently hard-coded.
I do not think that we should be talking about successors to OpenPGP, nor
do I think that we should use this as an opportunity to hard-code
particular security policies or usages, which is where some of this
discussion has sometimes veered.
Werner has the best sense of what needs fixing is within the scope of
option 2 or 3, but my vote is for evolutionary changes not a radical
departure.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp