Thanks Rich, adding my 2 yen.
On 3/11/2015 09:41 am, Salz, Rich wrote:
- General issue of deprecration for stored data? Possibilities (? Marks
possibly-controversial)
MD5; SHA1?; RIPE-MD
IDEA; 3DES?; CAST5?; Blowfish? Twofish?
DSA? Size limits on RSA? NIST ECC? ElGamal?
What does deprecation mean? Perhaps just encryption? Also decrypt if the
content is known/believed to be not old
Yes - practically, deprecated in the standard means no encryption, and
implementations are free to decrypt older stuff.
Is signature verification different?
No signing using old algos.
There are several usability issues around this; we need to be careful.
Consensus is not to create new content with deprecated algorithms.
+1
Perhaps address general issue of "what to do with old stuff"? And maybe answer is
"lose it"
No, download an old copy of gpg or pgp2.3 and decrypt it.
Stephen Farrell: Suggest reframe question as "everything deprecated unless shown
that need to generate ones using old mechanism"
Discussion of how appropriate to put UI items in a protocol/data-format spec.
Strong consensus to start with everything removed, and then add the ones we
want.
the one :)
- Symmetric crypto (Bryan Ford), draft-ford-openpgp-format See slides in the
proceedings.
Consensus to use a new packet type for AEAD-protected
yes.
Lots of information exposed by plaintext metadata
Magic number -- this is an openpgp file, so its suspicious
Cipher -- is it worth trying to crack (e.g., is it rc4 :)
Passphrase: worth trying a password cracker
Recipient key-id's: where to point the rubber hose?
# of recipients: aha, it's *that* group of dissidents?
Should we aim to protect it all (at cost of "trial" encryptions)?
Yes - indistinguishable from random is the target.
This might not be achievable, but it should be the target. We won't get
there unless we start on the journey.
iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp