ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

2017-10-30 13:19:31
from [Derek Atkins] [Permanent Link] 

On Mon, October 30, 2017 2:00 pm, Paul Wouters wrote:

On Oct 30, 2017, at 19:29, Rick van Rein <rick(_at_)openfortress(_dot_)nl> 
wrote:


Hi Derek,



I have files encrypted 20+ years ago (to a 20+ year old key) sitting
around in storage.  Are you saying that those encrypted files should
not
be readable anymore?


So when do we stop supporting an algorithm? When it can be brute forces in
a month? A year ? A day?


That's a good question, but considering none of it applies to pretty much
any method we've supported (except, perhaps, MD5) it's a bit moot.


One might question if current-day crypto software should continue to
support old encrypted files though, or that a fork would be wiser.


Like pgp 2.6 and pgp 5. Yes.

A way to also stimulate upgrading could be to demote algorithms to
decrypt/verify only and not allow them for creating new encrypted/signed
material.


We've already done that.  It "works" (to some degree) to get people to
upgrade.


As for we have been doing this for  20 years argument, I am still carrying
idea.c and still have to manually compile it every time gpg upgrades. So
the “current” scheme has proven to not work well at all for me.


Honestly, AFAIK there has never been a security issue with IDEA; just
patent/licensing.  At this point I think all those issues are gone, too,
so honestly there's little reason not to include it natively.

But the real point is that there are so few methods that people want to
support *IN THE PROTOCOL* that there is little reason, IMNSHO, to prevent
them from doing so in a standard way.

Remember, just because the protocol supports a method does not mean
implementations will.  But if the protocol does NOT support some methods
it might prevent some users from using the protocol.  Hence, if we want to
encourage adoption (even if it's in a closed environment) we should
encourage method adoption.  Again, it's not that expensive to do so on our
part.


Paul


-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis, Paul Wouters
Next by Date:  Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis, Paul Wouters
Previous by Thread:  Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis, Paul Wouters
Next by Thread:  Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis, Paul Wouters
Indexes:  [Date] [Thread] [Top] [All Lists]