On Tue 2016-01-19 15:48:29 -0500, Ludwig Hügelschäfer wrote:
> Advance in cryptography standards, e.g. new keylengths, better
> algorithms: Nobody would regard a 20 year old 512-bit RSA key from old
> PGP2.x times as adequate today. Also, a 5-7 year old 1024-bit
> DSA/El-Gamal should not be life-extended but replaced instead.
>
> Advance in cryptanalysis, e.g. broken algorithms. This is - up to now -
> theoretical, but nobody can know for the future.

Arguably, the recommendations should depend on the current state of
cryptanalysis, and enigmail could update those recommendations with new
versions of the release.  For example, a 2-year-old 4096-bit RSA key is
unlikely to need to be replaced today -- extending its expiration would
be a sensible approach.

However, thinking through the logic of what should happen here, and
making it easy for users is a larger task.  Patrick has done the simpler
task of providing one check for now.  If folks want to brainstorm about
what the logic should actually be for future versions (Patrick's made it
clear that he wants to get 1.9 released without these changes), they should
send them here to the list so we can figure out what they should do.

One thing to consider is the "hokey lint" command from hopenpgp-tools,
which indicates potential problems with an OpenPGP certificate.

Writing a version of that kind of thing to plug into enigmail, along
with an automated way of addressing the discovered problems, would be a
great contribution.

      --dkg
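
The replace-versus-extend decision discussed in this message, as an added example in Python (not code from enigmail, hopenpgp-tools or the author of this message). It reads GnuPG's `--with-colons` key listing with epoch-second dates; the 2048-bit threshold, the 30-day warning window, the `lint` function name and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --with-colons --list-keys` output (made-up key IDs).
# Fields used: 1=record type, 3=key length, 4=algorithm, 5=key ID, 7=expiry (epoch).
SAMPLE = """\
pub:e:512:1:AAAAAAAAAAAAAAAA:822960000:1451606400::-:::sc:
pub:-:1024:17:BBBBBBBBBBBBBBBB:1262304000:1454284800::-:::scESC:
sub:-:1024:16:CCCCCCCCCCCCCCCC:1262304000:1454284800:::::e:
pub:-:4096:1:DDDDDDDDDDDDDDDD:1388534400:1454284800::-:::scESC:
pub:-:4096:1:EEEEEEEEEEEEEEEE:1388534400:::-:::scESC:
pub:-:256:22:FFFFFFFFFFFFFFFF:1388534400:1454284800::-:::scESC:::::ed25519:
"""

# OpenPGP public-key algorithm IDs whose strength is judged by modulus size.
# Elliptic-curve keys (e.g. ID 22) are short by design and must not be flagged.
SIZED_ALGOS = {1: "RSA", 16: "ElGamal", 17: "DSA"}
MIN_BITS = 2048    # assumed policy threshold, to be revised with each release
WARN_DAYS = 30     # assumed: advise this many days before expiry


def lint(colon_output, now):
    """Return [(key_id, advice, reason)] for each pub/sub record."""
    findings = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 7:
            continue
        bits, algo, key_id = int(f[2]), int(f[3]), f[4]
        expires = int(f[6]) if f[6] else None
        name = SIZED_ALGOS.get(algo)
        if name and bits < MIN_BITS:
            # Weak key material: extending the lifetime would keep it in use.
            findings.append((key_id, "replace", f"{bits}-bit {name}"))
        elif expires is not None and expires - now < WARN_DAYS * 86400:
            findings.append((key_id, "extend", "expired or expiring soon"))
        else:
            findings.append((key_id, "ok", "no action needed"))
    return findings


if __name__ == "__main__":
    now = int(datetime(2016, 1, 19, tzinfo=timezone.utc).timestamp())
    for key_id, advice, reason in lint(SAMPLE, now):
        print(f"{key_id}  {advice:8} {reason}")
```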
