Re: AW: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

Andrew Gallagher andrewg at andrewg.com
Tue May 22 11:55:36 CEST 2018


On 22/05/18 10:44, Fiedler Roman wrote:
> Such a tool might then e.g. be used on a MitM message reencryption
> gateway: the old machines still send messages with old
> (deprecated/legacy options), they are transformed by "gpg-archive":
> The full data (old message, old decrypt report, reencrypted
> plaintext) go to the auditing storages, the reencrypted plaintext to
> the standard (before MitM) receiver (who does not need to support
> legacy/deprecated from now on anymore).

I don't think we should be encouraging the automated or transparent use
of legacy crypto upgrades, particularly in an online setting such as a
mail gateway. All this does is launder the obviously-dangerous bad
ciphertext into an apparently-safe new ciphertext.

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180522/cc9d869b/attachment.sig>


More information about the Gnupg-users mailing list