Breaking changes

2018-05-20 Thread Robert J. Hansen
Here's my own set of suggestions for breaking changes to GnuPG: 1. End-of-life 1.4 already. Yes, it's the only option for PGP 2.6. Yes, it's the only option for old and out-of-date stuff. Yes, there will be people who need to decrypt this stuff. All of that is true, but *we* don't need to be

Re: Break backwards compatibility

2018-05-20 Thread Jochen Schüttler
And that is my opinion, too. Some people have the necessity to decrypt old data, so there should be a separate tool for them to do exactly that. It's the only way to start off fresh. But I believe many people shouting out against the developers really have no such reason. They are described very

Re: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

2018-05-20 Thread Jean-David Beyer
On 05/20/2018 08:51 PM, Jeremy Davis wrote: > I just read the awesome article "Efail: A Postmortem" by Robert Hansen. > > Thanks for this Robert. Great work! > > As suggested by Robert, I've signed up to say: > > Break backwards compatibility already: it’s time. Ignore the haters. I > trust

Re: Break backwards compatibility

2018-05-20 Thread Mark Rousell
On 21/05/2018 02:12, Jochen Schüttler wrote: > I'm all for breaking backwards compatibility. > > What's the worst the haters can do? Turn their back on GnuPG? Shout out > really loud once more? I think they should get a life! I rather suspect they do have a life supporting scenarios that they

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 21:32, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 08:45 PM, Mark Rousell wrote: >> I think it is important that they can still do this with a maintained >> (2.x.y) code base. > > Support for PGP 2 has already been dropped from the current stable > branch, I don't

Break backwards compatibility

2018-05-20 Thread Jochen Schüttler
I'm all for breaking backwards compatibility. What's the worst the haters can do? Turn their back on GnuPG? Shout out really loud once more? I think they should get a life! ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

2018-05-20 Thread Jeremy Davis
I just read the awesome article "Efail: A Postmortem" by Robert Hansen. Thanks for this Robert. Great work! As suggested by Robert, I've signed up to say: Break backwards compatibility already: it’s time. Ignore the haters. I trust you! :) Cheers, Jeremy

Re: A postmortem on Efail

2018-05-20 Thread Mirimir
On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: > Hi Robert. > > On 20/05/2018 02:26, Robert J. Hansen wrote: >> Writing just for myself -- not for GnuPG and not for Enigmail and >> definitely not for my employer -- I put together a postmortem on Efail. >> You may find it worth reading. You may

Re: A postmortem on Efail

2018-05-20 Thread mick crane
On 2018-05-20 07:26, Robert J. Hansen wrote: Writing just for myself -- not for GnuPG and not for Enigmail and definitely not for my employer -- I put together a postmortem on Efail. You may find it worth reading. You may also not. Your mileage will probably vary. :)

Re: A postmortem on Efail

2018-05-20 Thread MFPA
Hi On Sunday 20 May 2018 at 2:51:40 PM, in , Dirk Gottschalk via Gnupg-users wrote:- > I think the backwards compatibility should be broken > to improve things. Backwards

Re: A postmortem on Efail

2018-05-20 Thread Phil Pennock
On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote: > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 Excellent post. I favor breaking backwards compatibility and including in the shipped README a description of "The conditions under which we anticipate future backwards

Re: A postmortem on Efail

2018-05-20 Thread Jürgen Polster
On 20.05.2018 at 09:28, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) Yes, please! I DO trust you! Juergen Polster

A postmortem on Efail

2018-05-20 Thread Damien Goutte-Gattat via Gnupg-users
On 05/20/2018 08:45 PM, Mark Rousell wrote: I presume that one day the 1.x.y code will reach end of life. There's no plan to terminate the 1.x branch. It will not gain any new features, but as stated by Werner Koch a few months ago, it "will be kept alive for use with PGP 2 encrypted and

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 20:16, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote: >> It would be possible to implement something like --legacy to >> re-enable the old functionality. > > For information, for the problem at hand, two things have been

A postmortem on Efail

2018-05-20 Thread Damien Goutte-Gattat via Gnupg-users
On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote: It would be possible to implement something like --legacy to re-enable the old functionality. For information, for the problem at hand, two things have been done in that direction: In GnuPG itself: GnuPG will now error out when

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 11:44, Aleksandar Lazic wrote: > I do not want to create a conspiracy theory but it's wiggy that > EFF favors *NO* security, pgp or s/mime, instead to fix the current > possibilities and promote signal. > > As several people mentioned in the different Internet medias is signal > not

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 14:51, Dirk Gottschalk via Gnupg-users wrote: > I think the backwards compatibility should be broken to improve things. > It would be possible to implement something like --legacy to re-enable > the old functionality. Agreed. > This could also be implemented in email clients > and

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 12:11, Philipp Klaus Krause wrote: > I don't think breaking backwards-compatibility is an all-or-nothing question. > > IMO, it is important to still be able to decrypt old data. On the other > hand one wants sane, secure use with current data. > The functionality needed to decrypt old

Re: A postmortem on Efail

2018-05-20 Thread Dirk Gottschalk via Gnupg-users
Hi. On Sunday, 20.05.2018, at 02:26 -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. > You may find it worth reading. You may also not. Your mileage will > probably

Re: A postmortem on Efail

2018-05-20 Thread Philipp Klaus Krause
On 20.05.2018 at 08:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :) > >

Re: Efail or OpenPGP is safer than S/MIME

2018-05-20 Thread Aleksandar Lazic
On 19/05/2018 14:15, Werner Koch wrote: > On Fri, 18 May 2018 12:18, patr...@enigmail.net said: > > > How far back will that solution work? I.e. is this supported by all > > 2.0.x and 2.2.x versions of gpg? > > 2.0.19 (2012) was the first to introduce DECRYPTION_INFO In any case > 2.0 is

Re: A postmortem on Efail

2018-05-20 Thread Aleksandar Lazic
Hi Robert. On 20/05/2018 02:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :) > >

Re: A postmortem on Efail

2018-05-20 Thread Jim Dever
I've used PGP ever since I discovered it when I ran a BBS back in the late 80's early 90's. I rarely post but always listening. Definitely time to break backward compatibility if it will help move it forward! Go for it! On 5/20/2018 3:28 AM, Robert J. Hansen wrote: >> Break backwards

Re: A postmortem on Efail

2018-05-20 Thread Andrew Gallagher
> On 20 May 2018, at 07:26, Robert J. Hansen wrote: > > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will >

Re: A postmortem on Efail

2018-05-20 Thread Dmitrii Tcvetkov
On Sun, 20 May 2018 02:26:47 -0400 "Robert J. Hansen" wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. You may find it worth reading. You may also not. Your > mileage

Re: A postmortem on Efail

2018-05-20 Thread Dmitry Gudkov
I want to get involved and give a damn! Break backwards compatibility already: it’s time. Ignore the haters. I trust you. On 20/05/2018 09:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a

S/MIME and AE

2018-05-20 Thread Earle Lowe
I can't see any way that S/MIME gets resolved with anything other than heuristics that look for the footprints of the CBC malleability in efail (random blocks and/or 8bit content) etc. There are two other alternatives, only one is plausible, IMO 1) Only allow emails where the signature verifies.

Re: A postmortem on Efail

2018-05-20 Thread Dmitry Gudkov
“We be of one blood, ye and I” ― Rudyard Kipling, The Jungle Books On 20/05/2018 10:28, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :)

Re: A postmortem on Efail

2018-05-20 Thread Mirimir
On 05/19/2018 08:28 PM, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) I'm OK with that :)

Re: A postmortem on Efail

2018-05-20 Thread Robert J. Hansen
> Break backwards compatibility already: it’s time. Ignore the haters. I > trust you. :) :) :) :) :)

A postmortem on Efail

2018-05-20 Thread Robert J. Hansen
Writing just for myself -- not for GnuPG and not for Enigmail and definitely not for my employer -- I put together a postmortem on Efail. You may find it worth reading. You may also not. Your mileage will probably vary. :) https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08