> -----Original Message-----
> From: Gnupg-users [mailto:[email protected]] On Behalf Of Ralph Seichter
> Sent: Tuesday, 22 May 2018 12:59
>
> On 22.05.18 03:42, Mark Rousell wrote:
>
> > Preventing users from encrypting new data using legacy encryption does
> > NOT need to mean that other users have to be prevented from (quite
> > legitimately) accessing archived data using legacy encryption with
> > maintained software.
>
> Who said "have to be prevented"? Please keep in mind that GPG is
> maintained on a voluntary basis. If the people who do the actual work
> decide to not maintain outdated software anymore, so they can focus
> their limited resources on current releases, they are completely free
> to do so and don't deserve to be chastised for the decision.

I'd favour a pragmatic approach, drawing the line depending on the state of technology: we all know that encryption does not provide absolute security; it provides relative security for a limited time. Relative because it depends on the means the adversary has, and limited time because of technological progress.

Old files encrypted with a method that is trivially crackable today are actually not encrypted, they're just encoded in a fancy way. Users with such files should reevaluate their encryption strategy, and not depend on gnupg to be a permanent decoding tool.

But on the other hand, email encryption can never clean up as radically as TLS1.3, because it has to provide protection for data-at-rest, too, which TLS doesn't have to address. So unless an algorithm is completely broken, it should stay supported, at least for decryption.

--
Ernst-Udo Wallenborn
Pgp 22FB 1CB2 82D8 A903 A289 053B 4015 1361 6040 82F7
