AW: AW: Break backwards compatibility already: it’s time. Ignore the haters. I trust you.

Tue May 22 12:34:29 CEST 2018

> Von: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] Im Auftrag von
> 
> On 22/05/18 10:44, Fiedler Roman wrote:
> > Such a tool might then e.g. be used on a MitM message reencryption
> > gateway: the old machines still send messages with old
> > (deprecated/legacy options), they are transformed by "gpg-archive":
> > The full data (old message, old decrypt report, reencrypted
> > plaintext) go to the auditing storages, the reencrypted plaintext to
> > the standard (before MitM) receiver (who does not need to support
> > legacy/deprecated from now on anymore).
> 
> I don't think we should be encouraging the automated or transparent use
> of legacy crypto upgrades, particularly in an online setting such as a
> mail gateway. All this does is launder the obviously-dangerous bad
> ciphertext into an apparently-safe new ciphertext.

Agreed, but I did not mean "e-mail" when writing "message". "Message" would more some encoded data block from a remote device, that has to be pushed to a central system from time to time, e.g. for auditing. Thus the gateway exactly knows the sender's key (usually it is only one for all systems with the same security level/in the same security zone) and re-encrypts it with a single key also known to the recipient. Usually the recipient has all the trusted keys hardcoded.

For "e-mail" type messages, as you noted, a transparent re-encryption would be more risk than benefit in many cases. Still, it might be useful for semi-automated migration scenarios, e.g.

* User clicks on a very old e-mail message

* Gnupg fails decrypting it, referring to the migration tool and asking for confirmation

* The migration tool migrates/replaces that single message if the user wants that. For e-mail, creating a mime-tree might come in handy, e.g.

- plaintext message (reencrypted)

- decryption/migration protocol (encrypted)

- old message (full old mime structure, also encrypted but without decrypting it first - thus providing data at rest protection while still preserving all the old structures for traceability)