ietf-openpgp

Re: [openpgp] Intent to deprecate: Insecure primitives

2015-04-08 13:36:46
On Wed, 2015-04-08 at 15:32 +0000, David Leon Gil wrote:
> Brief update on plans for deprecation: The tracking issue is at
> https://github.com/yahoo/end-to-end/issues/31
>
> Please feel free to open another issue if you have specific
> objections. I will either be convinced by your arguments, and change
> the plan, or explain why I don't.

Look, as I've pointed out previously, I personally think that crypto
done as a web app is inherently untrustworthy.

Maybe I just got something wrong, but AFAIU the idea of "e2e" projects
like yours is to add e2e crypto into your webapps, e.g. via javascript.
Thus the software doing crypto is each time downloaded again from the
server by the client, right?
So ultimately control is again fully at the vendor (at any time he could
send other code and no one would notice), and fully dependent on a
working https (which is as we should all know by now inherently insecure
due to the issues of the CA system).


So to me, the whole e2e crypto campaigns run by some of the bigger
vendors are just a marketing thing, at best.
Actually, if I were part of organisations doing mass surveillance,
fearing that people could now switch to properly used crypto, then these
would be the two things I'd try to do as a countermeasure:
- TOFU
and
- propagating actually weak e2e crypto systems on a broad scale, giving
people a wrong sense of being secure[0].


That being said, at least I probably won't focus myself on what Yahoo,
Google or any other big company does.
Looking at the ticket you mention, *some* things you plan to
deprecate are definitely a good idea, for others I'd see simply no good
reason that anyone would follow these now. Especially some of the
"eventually" things seem a bit crude.
And I guess my personal opinion about algorithm diversity is known as
well.


But more important:
Implementations have always been free to implement what they like (even
if, strictly speaking, they may have lost the status of a conforming
implementation). But you shouldn't expect that others follow your steps,
just because big-company-xyz is doing so now.

However, the more you depart from "standard" usage of OpenPGP, the more
you should probably call it something else.
This would especially apply for anyone who would think he drives the
standardisation process and not the community of real/serious OpenPGP
users.


And even more important, none of the big companies which add that IMHO
at best questionable web-based e2e crypto to their services, should
expect that this would make them represent the majority of OpenPGP users
and thus would give them a strong voice in decisions.
Just because e.g. Google would automatically enable questionable e2e
crypto for millions of their Gmail users, doesn't mean that one has a
real "legitimate" OpenPGP user base there.


For all the above reasons, I personally feel, that it's not appropriate
here at the OpenPGP WG list, to discuss single unilateral decisions made
by an OpenPGP implementation[1].

If one says "hey, let's discuss whether we should deprecate twofish in
OpenPGP" that's totally fine,... but informing the standardisation body
"hey we drop now support for x, y and z" with an implicit "and since we
represent n users, you better follow our decision" is not appropriate.



Cheers,
Chris.


[0] Ever wondered why nearly each totalitarian regime still carries out
elections? It still gives people a little feeling of having choice.
[1] An exception might be GnuPG, simply because *it* likely actually
represents the majority of all serious users of OpenPGP.
