coruus
commented
9 years ago If you would like to comment, please file a new issue. This issue is intended to track progress on the deprecation plan.
Open coruus opened 9 years ago
coruus
commented
9 years ago If you would like to comment, please file a new issue. This issue is intended to track progress on the deprecation plan.
The items to be deprecated have been reviewed and approved by our "consulting cryptographers," Payman Mohassel and Juan Garay of Yahoo Labs.
Support removed
Tag 9 packets. Yahoo and Google have both already deprecated and removed support for Tag 9 (symmetrically encrypted) packets.
These packets provide unauthenticated encryption and, if supported, can be used in a downgrade attack for senders who only use SEIPD packets. See [encrux][encrux] for details.
ASAP
V3 public keys. Yahoo and GnuPG (as of version 2.1) have both already deprecated V3 public keys for any use. We recommend that other implementations do the same.
By May 1, 2015
Yahoo has deprecated, and intends to disable support for all uses, of the following algorithms specified for use with OpenPGP v4:
We do not, at present, support any of the CAMELLIA algorithms or Bzip2. It is unlikely that we will do so in future.
By September 1, 2015
Inconsistent combinations of primitives. In particular, it is likely that we will not support RFC 6637 keys or packets unless they conform to the 128-bit or 192-bit subprofiles specified in that document. (End-to-End does not at present support P-521, but if we add support for curves over that field, we would support an analogous "256-bit" subprofile.)
AES-128. The efficiency of multi-target attacks leaves no safety margin for cryptanalysis. The performance difference between AES-128 and AES-256 on typical messages is negligible.
Eventually
Finally, other things that may eventually result in messages or keys being treated as invalid: