Re: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

Mirimir mirimir at riseup.net
Tue May 22 03:41:14 CEST 2018 

On 05/21/2018 02:06 AM, Ed Kellett wrote:
> On 2018-05-21 09:56, Andrew Skretvedt wrote:
>> It seems to me that if the pearl-clutchers who would howl too loudly
>> about breaking backwards compatibility were as concerned as they claim,
>> they would realize that software evolves. But this evolution doesn't
>> eradicate its past. GnuPG is open software. It's ganoo-pee-gee!
>>
>> If you're a pearl-clutcher with a legacy use-case, perhaps it's time to
>> really analyze that case. Do you have a darn good reason to want to
>> expose yourself to creeping insecurity? Because its history won't be
>> eradicated, if you /do/ have good reasons, you can maintain for yourself
>> a legacy fork. To do that you may need to have certain skills or be
>> willing to hire-out for them.
> 
> Maybe they just want to be able to read emails that they received a long
> time ago?
> 
> I don't. I didn't start using OpenPGP long enough ago. But I think it's
> a bit unfair to call this "exposing yourself to creeping insecurity". It
> shouldn't ever be dangerous to *read an email* with an up-to-date email
> client, no matter what, because emails shouldn't be able to phone home.
> And the emails we're sending and receiving now aren't going to become
> more dangerous as time passes (though they could become less so, if a
> current vulnerability is mitigated by future client software).

The problem is that many users of up-to-date email clients seem to want
HTML with remote content. That allows Efail, but only if OpenPGP does
not hard fail for unauthenticated cyphertext. And that typically breaks
decryption of cyphertext created by old software, which didn't require
authentication by default.

> I guess what I'm trying to say here is that it's not decrypting old
> crypto that's wrong. It's accepting new emails with old crypto that is
> wrong.

Yes, "accepting new emails with old crypto" is the problem. But Efail
relies on cyphertext embedded in URLs, which won't unauthenticate.

Anyway, the solution is arguably making decryption of iffy cyphertext an
option that must be explicitly selected. Not the default.

More information about the Gnupg-users mailing list