Here's my own set of suggestions for breaking changes to GnuPG:
1. End-of-life 1.4 already.
Yes, it's the only option for PGP 2.6. Yes, it's the only option for
old and out-of-date stuff. Yes, there will be people who need to
decrypt this stuff. All of that is true, but *we* don't need to be
And that is my opinion, too.
Some people have the necessity to decrypt old data, so there should be a
separate tool for them to do exactly that. It's the only way to start
off fresh.
But I believe many people shouting out against the developers really
have no such reason. They are described very
On 05/20/2018 08:51 PM, Jeremy Davis wrote:
> I just read the awesome article "Efail: A Postmortem" by Robert Hansen.
>
> Thanks for this Robert. Great work!
>
> As suggested by Robert, I've signed up to say:
>
> Break backwards compatibility already: it’s time. Ignore the haters. I
> trust you!
On 21/05/2018 02:12, Jochen Schüttler wrote:
> I'm all for breaking backwards compatibility.
>
> What's the worst the haters can do? Turn their back on GnuPG? Shout out
> really loud once more? I think they should get a life!
I rather suspect they do have a life supporting scenarios that they
cann
On 20/05/2018 21:32, Damien Goutte-Gattat via Gnupg-users wrote:
> On 05/20/2018 08:45 PM, Mark Rousell wrote:
>> I think it is important that they can still do this with a maintained
>> (2.x.y) code base.
>
> Support for PGP 2 has already been dropped from the current stable
> branch, I don't thin
I'm all for breaking backwards compatibility.
What's the worst the haters can do? Turn their back on GnuPG? Shout out
really loud once more? I think they should get a life!
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailm
I just read the awesome article "Efail: A Postmortem" by Robert Hansen.
Thanks for this Robert. Great work!
As suggested by Robert, I've signed up to say:
Break backwards compatibility already: it’s time. Ignore the haters. I
trust you! :)
Cheers,
Jeremy
On 05/19/2018 11:44 PM, Aleksandar Lazic wrote:
> Hi Robert.
>
> On 20/05/2018 02:26, Robert J. Hansen wrote:
>> Writing just for myself -- not for GnuPG and not for Enigmail and
>> definitely not for my employer -- I put together a postmortem on Efail.
>> You may find it worth reading. You may a
On 2018-05-20 07:26, Robert J. Hansen wrote:
Writing just for myself -- not for GnuPG and not for Enigmail and
definitely not for my employer -- I put together a postmortem on Efail.
You may find it worth reading. You may also not. Your mileage will
probably vary. :)
https://medium.com/@ciphe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 20 May 2018 at 2:51:40 PM, in
,
Dirk Gottschalk via Gnupg-users wrote:-
> I think the backwards compatiblity should be broken
> to improve things.
Backwards compatibility was already broken when support for old-style
keys was droppe
On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote:
> https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
Excellent post. I favor breaking backwards compatibility and including
in the shipped README a description of "The conditions under which we
anticipate future backwards compatibility
Am 20.05.2018 um 09:28 schrieb Robert J. Hansen :
>> Break backwards compatibility already: it’s time. Ignore the haters. I
>> trust you.
>
> :) :) :) :) :)
Yes, please! I DO trust you!
Juergen Polster
___
Gnupg-users mailing list
Gnupg-users@gnupg.o
On 05/20/2018 08:45 PM, Mark Rousell wrote:
I presume that one day the 1.x.y code will reach end of life.
There's no plan to terminate the 1.x branch. It will not gain any new
features, but as stated by Werner Koch a few months ago, it "will be
kept alive for use with PGP 2 encrypted and sign
On 20/05/2018 20:16, Damien Goutte-Gattat via Gnupg-users wrote:
> On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote:
>> It would be possible to implement something like --legacy to
>> re-enable the old functionality.
>
> For information, for the problem at hand, two things have been do
On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote:
It would be possible to implement something like --legacy to
re-enable the old functionality.
For information, for the problem at hand, two things have been done in
that direction:
In GnuPG itself: GnuPG will now error out when a
On 20/05/2018 11:44, Aleksandar Lazic wrote:
> I do not want to create a conspiracy theory but it's wiggy that
> EFF favors *NO* security ,pgp or s/mime, instead to fix the current
> possibilities and promote signal.
>
> As serveral people mentioned in the different Internet medias is signal
> not
On 20/05/2018 14:51, Dirk Gottschalk via Gnupg-users wrote:
> I think the backwards compatiblity should be broken to improve things.
> It would be possible to implement something like --legacy to re-enable
> the old functionality.
Agreed.
> This could also be implemented in email clients
> and pl
On 20/05/2018 12:11, Philipp Klaus Krause wrote:
> I don't think breaking backwards-compability is an all-or-nothing question.
>
> IMO, it is important to still be able to decrypt old data. On the other
> hand one wants sane, secure use with current data.
> The functionality needed to decrpyt old f
Hi.
Am Sonntag, den 20.05.2018, 02:26 -0400 schrieb Robert J. Hansen:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on
> Efail.
> You may find it worth reading. You may also not. Your mileage will
> probably va
Am 20.05.2018 um 08:26 schrieb Robert J. Hansen:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on Efail.
> You may find it worth reading. You may also not. Your mileage will
> probably vary. :)
>
> https://med
On 19/05/2018 14:15, Werner Koch wrote:
> On Fri, 18 May 2018 12:18, patr...@enigmail.net said:
>
> > How far back will that solution work? I.e. is this supported by all
> > 2.0.x and 2.2.x versions of gpg?
>
> 2.0.19 (2012) was the first to introduce DECRYPTION_INFO In any case
> 2.0 is end-of-
Hi Robert.
On 20/05/2018 02:26, Robert J. Hansen wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on Efail.
> You may find it worth reading. You may also not. Your mileage will
> probably vary. :)
>
> htt
I've used PGP ever since I discovered it when I ran a BBS back in the
late 80's early 90's. I rarely post but always listening. Definitely
time to break backward compatibility if it will help move it forward!
Go for it!
On 5/20/2018 3:28 AM, Robert J. Hansen wrote:
>> Break backwards compatibilit
> On 20 May 2018, at 07:26, Robert J. Hansen wrote:
>
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on Efail.
> You may find it worth reading. You may also not. Your mileage will
> probably vary. :)
I would
On Sun, 20 May 2018 02:26:47 -0400
"Robert J. Hansen" wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on
> Efail. You may find it worth reading. You may also not. Your
> mileage will probably vary. :)
>
I want to get involved and give a damn!
Break backwards compatibility already: it’s time. Ignore the haters. I
trust you.
On 20/05/2018 09:26, Robert J. Hansen wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmorte
I can't see anyway that S/MIME gets resolved with anything other than
heuristics that look for the footprints of the CBC malleability in efail
(random blocks and/or 8bit content) etc.
There are two other alternatives, only one is plausible, IMO
1) Only allow emails where the signature verifies. I
“We be of one blood, ye and I”
― Rudyard Kipling, The Jungle Books
On 20/05/2018 10:28, Robert J. Hansen wrote:
>> Break backwards compatibility already: it’s time. Ignore the haters. I
>> trust you.
>
> :) :) :) :) :)
>
___
Gnupg-users mailing list
On 05/19/2018 08:28 PM, Robert J. Hansen wrote:
>> Break backwards compatibility already: it’s time. Ignore the haters. I
>> trust you.
>
> :) :) :) :) :)
I'm OK with that :)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mai
> Break backwards compatibility already: it’s time. Ignore the haters. I
> trust you.
:) :) :) :) :)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
30 matches
Mail list logo
