Side-channel attacks
Robert J. Hansen
rjh at sixdemonbag.org
Fri Jan 21 07:05:55 CET 2022
> Migrate? That data is in my mail archive. While it would be possible for
> me to write a program to scan the mail file for pgp blocks, check which
> pgp version is used, decrypt the data, re-encrypt it with a modern gpg
> version and replace that textblock, it would still lose information
> about dates and signatures.
No, and that entire line of argument is disingenuous.
You use PGP 2.6 to decrypt/verify each message. You verify the
signature to whatever degree you feel is necessary, and write an
attestation: "On January 21 at 12:56am I successfully decrypted this
message with hash value X and verified the PGP 2.6 signature as
belonging to Y. I then re-encrypted it to myself, and that ciphertext
has hash value Z." Sign the attestation. You re-encrypt the plaintext
to your current OpenPGP certificate. You attach (via PGP/MIME) the PGP
2.6 ciphertext and your attestation.
Presto. You now have encrypted text you can use with GnuPG 2.3. If you
need to verify the document you can verify the signature on the
attestation. If the signature is good, clearly no one has tampered with
your declaration. To do a more rigorous verification you can check the
hash values of the ciphertexts. To do a most-rigorous verification you
can run PGP 2.6.3 on the original attachment.
We've known how to do this for at least a quarter-century, Johan.
25 years.
Twenty. Five. *Years*.
Now, it's true that hardly anyone does this, and there's not exactly
much demand for tools that do this. That is, I'm convinced, because in
the real world, there's nobody who needs to do this.
I repeat: if you really needed this functionality, you've had a
quarter-century to do something about it, a quarter-century where we've
known what to do about it. If you're not migrating, that's on you.
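Added example, not code from the post or from GnuPG or PGP: a Python sketch of the attestation workflow Hansen describes. It assumes the PGP 2.6 decryption and signature check have already been done outside the script (the plaintext is passed in), uses SHA-256 where the post only says "hash value", invents the attestation field names and attachment file names, and calls the installed gpg binary only in main(). The hash bookkeeping and the "check the hash values of the ciphertexts" verification are pure Python and run offline.

```python
"""Attestation-based migration of a PGP 2.6 message to a current OpenPGP key.

Added example, not from the post.  Steps from the mail: (1) decrypt/verify
with PGP 2.6 (outside this script), (2) write an attestation naming the old
ciphertext hash, the signer you verified and the new ciphertext hash,
(3) sign it and re-encrypt the plaintext to your current key, (4) attach the
old ciphertext and the attestation next to the new ciphertext.
Assumptions: SHA-256, the field/attachment names below, a configured gpg.
"""
import hashlib
import re
import subprocess
import sys
from datetime import datetime, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage

ATTESTATION_NAME = "migration-attestation.txt"   # assumed names
OLD_CT_NAME, NEW_CT_NAME = "original-pgp26.asc", "reencrypted.asc"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_attestation(old_ct: bytes, new_ct: bytes, signer: str,
                      original_date: str, verified_at: str = "") -> str:
    """The declaration from the post, as 'key: value' lines so it survives
    gpg --clearsign unchanged and can be parsed back by extract_fields()."""
    verified_at = verified_at or datetime.now(timezone.utc).isoformat()
    return (
        "Migration attestation\n"
        f"verified-at: {verified_at}\n"
        f"original-message-date: {original_date}\n"
        f"original-ciphertext-sha256: {sha256_hex(old_ct)}\n"
        f"original-signature-verified-as: {signer}\n"
        f"new-ciphertext-sha256: {sha256_hex(new_ct)}\n"
    )


def extract_fields(attestation: str) -> dict:
    """Parse the key: value lines; clearsign framing ('Hash: SHA256', the
    signature block) and dash-escaped lines ('- ') are skipped/unescaped."""
    fields = {}
    for line in attestation.splitlines():
        m = re.match(r"^(?:- )?([a-z][a-z0-9-]*): (.+)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def assemble_message(attestation: str, old_ct: bytes, new_ct: bytes) -> EmailMessage:
    """Bundle new ciphertext, attestation and original ciphertext in one
    multipart/mixed message (a plain multipart stand-in for PGP/MIME)."""
    msg = EmailMessage()
    msg["Subject"] = "Migrated PGP 2.6 message"
    msg.set_content("Re-encrypted message; attestation and original attached.")
    msg.add_attachment(attestation, filename=ATTESTATION_NAME)
    msg.add_attachment(old_ct, maintype="application", subtype="octet-stream",
                       filename=OLD_CT_NAME)
    msg.add_attachment(new_ct, maintype="application", subtype="octet-stream",
                       filename=NEW_CT_NAME)
    return msg


def check_message(raw: bytes) -> dict:
    """The post's 'more rigorous verification': recompute both ciphertext
    hashes from the attachments and compare them with the attestation."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = {p.get_filename(): p.get_payload(decode=True)
             for p in msg.iter_attachments()}
    fields = extract_fields(parts[ATTESTATION_NAME].decode())
    old_ok = sha256_hex(parts[OLD_CT_NAME]) == fields.get("original-ciphertext-sha256")
    new_ok = sha256_hex(parts[NEW_CT_NAME]) == fields.get("new-ciphertext-sha256")
    return {"original_matches": old_ok, "new_matches": new_ok,
            "signer": fields.get("original-signature-verified-as")}


def gpg(args: list, stdin: bytes) -> bytes:
    """Run the installed gpg (assumed present, with a usable default signing key)."""
    return subprocess.run(["gpg", "--batch", "--yes", *args], input=stdin,
                          check=True, capture_output=True).stdout


def main(old_ct_path: str, plaintext_path: str, recipient: str) -> None:
    with open(old_ct_path, "rb") as f:
        old_ct = f.read()
    with open(plaintext_path, "rb") as f:
        plaintext = f.read()
    new_ct = gpg(["--armor", "--encrypt", "--recipient", recipient], plaintext)
    attestation = build_attestation(old_ct, new_ct, signer="<uid you verified>",
                                    original_date="<date from the archive>")
    signed = gpg(["--clearsign"], attestation.encode()).decode()
    sys.stdout.buffer.write(assemble_message(signed, old_ct, new_ct).as_bytes())


if __name__ == "__main__":
    main(*sys.argv[1:4])
```

Usage: `python migrate.py old.asc plaintext.txt you@example.org > migrated.eml` writes the bundled message; `check_message(open("migrated.eml", "rb").read())` later re-derives both hashes from the attached ciphertexts, which is the middle tier of verification in the post. The attestation's own signature is checked with `gpg --verify` on the attached text, and the strictest tier still means running PGP 2.6.3 on the original attachment.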