Re: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.
Mark Rousell
markr at signal100.com
Tue May 22 02:50:49 CEST 2018
On 21/05/2018 14:06, Ed Kellett wrote:
> I think it's
> a bit unfair to call this "exposing yourself to creeping insecurity". It
> shouldn't ever be dangerous to *read an email* with an up-to-date email
> client, no matter what, because emails shouldn't be able to phone home.
> And the emails we're sending and receiving now aren't going to become
> more dangerous as time passes (though they could become less so, if a
> current vulnerability is mitigated by future client software).
>
> I guess what I'm trying to say here is that it's not decrypting old
> crypto that's wrong. It's accepting new emails with old crypto that is
> wrong.
>
Well said (both paragraphs).
What Andrew Skretvedt suggested is a clear example of what I earlier
described[1] as "throw your long-time users or their data under the
bus". It's not a reasonable option.
[1] https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060512.html
--
Mark Rousell