FYI, in the last few days, the IETF OpenPGP working group has 'reopened'. This is a good time to make sure any technical issues in OpenPGP are addressed. List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/> List-Post: <mailto:openpgp@ietf.org> List-Help: <mailto:openpgp-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
Like it being incompetently designed? I was hoping to avoid this, but... On Fri, Mar 13, 2015 at 7:02 PM Blibbet <blibbet@gmail.com> wrote:
FYI, in the last few days, the IETF OpenPGP working group has 'reopened'.
This is a good time to make sure any technical issues in OpenPGP are addressed.
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/> List-Post: <mailto:openpgp@ietf.org> List-Help: <mailto:openpgp-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
On Sat, Mar 14, 2015 at 05:23:16AM +0000, David Leon Gil wrote:
Like it being incompetently designed?
depends what the intended goal of said software is: 1/ winning a battle in the 1st cryptowars to make crypto exportable? i think it brilliantly succeeded at this design goal. 2/ making cryptograms stand out as strong selectors thanks to all this juicy plaintext metadata in the openpgp packet as defined per rfc4880. again, a smashing success. maybe if your usecase is not covered by the above two, maybe you should be looking for another solution. people-with-hammers ;) -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Saturday, March 14, 2015, stef <s@ctrlc.hu> wrote:
On Sat, Mar 14, 2015 at 05:23:16AM +0000, David Leon Gil wrote:
Like it being incompetently designed?
depends what the intended goal of said software is:
1/ winning a battle in the 1st cryptowars to make crypto exportable? i think it brilliantly succeeded at this design goal. 2/ making cryptograms stand out as strong selectors thanks to all this juicy plaintext metadata in the openpgp packet as defined per rfc4880. again, a smashing success.
maybe if your usecase is not covered by the above two, maybe you should be looking for another solution. people-with-hammers ;)
Fortunately, my goals do not include either of those. :) And I think my comment was somewhat unfair: The original OpenPGP standard was well thought out (but ultimately insecure). It just became a horrifying with three more major versions. As this is cypherpunks: I wish more folks were working on making steganography for encrypted mail more practical. It seems, for example, entirely feasible, to encode encrypted mail as (nonsense but grammatical) sentences in the user's language. I would be happy to deploy a proposal that accomplished something like this with < ~25% overhead, which seems doable, but hard. (This is something that will be essential for users in countries like China...)
participants (3)
-
Blibbet -
David Leon Gil -
stef