Mailing List Archive

On Tue, 30 Jun 2020 00:55, Johan Wevers said:

>> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
>> data encrypted to a legacy v3 key.
>
> Do not break backwards compatibility if you want all people to upgrade.

Do not update so that the bad guys can exploit your legacy software ;-)

There are well documented reasons what we don't support MDC and PGP3
keys anymore - it was complex to support and virtually impossible to
make sure that the message has not been tampered with. See the
discussion around EFFail of MUAs using gpg in a brittle and insecure
way.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

* Fourhundred Thecat:

> I am basing my judgment on universal principles, that apply not only
> to gpg or other software, but design of any systems in general.

Universal principles, oh my. In other words, you don't know nearly
enough about the finer points of GnuPG design goals, don't know much
about the challenges of evolutionary software design, and thus don't
know too well what you are talking about, universally speaking.

Show us a body of your work which proves you have the necessary skills
to critique the GnuPG authors' work. Until you do, your "judgment" is
moot.

> Take a car, as an analogy: [...]

Unrelated nonsense. Was that really the best you could come up with?

-Ralph

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> On 2020-06-30 12:26, Ralph Seichter via Gnupg-users wrote:
> * Fourhundred Thecat:
>
>> I am basing my judgment on universal principles, that apply not only
>> to gpg or other software, but design of any systems in general.
>
> Universal principles, oh my. In other words, you don't know nearly
> enough about the finer points of GnuPG design goals, don't know much
> about the challenges of evolutionary software design, and thus don't
> know too well what you are talking about, universally speaking.
>
> Show us a body of your work which proves you have the necessary skills
> to critique the GnuPG authors' work. Until you do, your "judgment" is
> moot.

An idea should be considered on its own merit. You should counter my
criticism with facts, instead of attacking me personally.

I stand behind my statement, that it is a sign of bad design, when gpg
does not work on a read-only filesystem.

You can either reply with counterargument, or ignore my messages in this
thread.

Cheers,


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

* Fourhundred Thecat:

>> Show us a body of your work which proves you have the necessary
>> skills to critique the GnuPG authors' work. Until you do, your
>> "judgment" is moot.
>
> An idea should be considered on its own merit.

What "idea" would that be, exactly?

> You should counter my criticism with facts, instead of attacking me
> personally.

I am not attacking you. Read what I wrote in this thread. I just doubt
that you have enough knowledge about the motivation behind and the inner
workings of GnuPG to offer your "critique" (which I consider personal
dislike for certain behaviour) until you convince me otherwise.

Based on what you wrote so far, you are just some random person behind a
pseudonym. What are your credentials in this field? What qualification
do you have that would enable you to call the work of other people "bad
design" with actual justification? Have you designed and maintained
software on the scale of GnuPG, for decades, with a worldwide user base,
dealing with security, usability and compatibility issues, having to
find some compromise between the various aspects?

> You can either reply with counterargument, or ignore my messages in
> this thread.

You can either tell people why your opinion should matter, or live with
being called out for not doing so.

-Ralph

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 30-06-2020 12:10, Werner Koch via Gnupg-users wrote:

>> Do not break backwards compatibility if you want all people to upgrade.
>
> Do not update so that the bad guys can exploit your legacy software ;-)
>
> There are well documented reasons what we don't support MDC and PGP3
> keys anymore - it was complex to support and virtually impossible to
> make sure that the message has not been tampered with.

Not supporting encryption anymore I can understand, but by removing
decryption ability which makes old mail archives unusable you can't
realistically expect people to abandon 1.4 completely.

Complex, nah, you can always put the v3 key code in a separate set of
functions that are called when a v3 header is detected. Maybe not the
cleanest design but for code that is probably not going to see any
changes it would work.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Fourhundred Thecat <400thecat@gmx.ch> wrote:
> In case of gpg, there is one mode where you generate your key pair, change configuration files, or any other read-write operation.
>
> But for general usage, there is no reason for the key pair to need to be writable.

Sure. So there is none:

$ chmod a-w $GNUPGHOME/pubring.kbx $GNUPGHOME/private-keys-v1.d/*
$ echo foo | gpg -qe --default-recipient-self | gpg -qd
foo

Fourhundred Thecat <400thecat@gmx.ch> wrote:
> In fact, gpg epitomizes a perfect anti-UNIX design. (See Eric S. Raymond for details, what UNIX philosophy means)

> I believe this project is going in the wrong direction, and bad design decisions are being made.

Was not it you who have just complained about introduction of gpg-agent, that is about switching from a solid rock tool to a set of independent programs that are communicating via textual streams — in other words, about GPGv2 be much more UNIX-wayish that GPGv1?

> There are more examples of bad design.

> For instance, even for basic operations (encrypt, decrypt) ‹…› gpg still requires my ~/.gnupg/ to be writable (cannot me on read-only filesystem)

Heh. Use of files as a temporal storage medium or just unique entities for anything from sockets to boolean flags, and therefore a need for writable FS to store them, is a hallmark of UNIX-way design.

You might believe that UNIX-way design is a bad design, of course, and that GPG should have joined the trend of moving _away_ from it before it had became a mainstream (cf. systemd, Wayland, etc); but saying ‘UNIX’ to mean ‘cool’ looks funny as hell.

> I am basing my judgment on universal principles, that apply not only to
> gpg or other software, but design of any systems in general.

There is no such universal playbook. It simply does not exist.

In his book _Lila_ the philosopher Robert M. Pirsig wrote that morality
is not a set of universal principles, so much as it is what emerges from
the interplay of conflicting principles that are at odds with each other.

You can say the same about software engineering. There are no universal
principles, only rules of thumb that are often at odds with each other.

Learn about GnuPG's design and why it is the way it is, _then_ judge it.
To loftily decree there exist universal principles and thus you don't
need to learn the specifics before judging is little different from the
judge who decrees that murder is illegal and so doesn't need to learn
whether the accused was acting in self-defense.

> Imagine what a mess it would be, if you tried to design a car where the
> engine can be replaced while you are driving. I have no experience
> designing cars, but that does not prevent me from seeing this would be
> bad design specification.

I'm an amateur auto racer, and this sounds like an *awesome* idea. In
virtually all races pit crews are required to not touch the car until
it's stopped moving, entirely for safety reasons: when there's a
thousand-kilo piece of metal in motion, it's wise to require people to
stay clear of it. If you could figure out a way to make it safe to make
changes to a car in motion, you'd have every NASCAR and SCCA team
beating a path to your door.

Your "universal principles", well -- aren't.

> On 2020-06-30 13:27, Ralph Seichter via Gnupg-users wrote:
> * Fourhundred Thecat:
>
>>> Show us a body of your work which proves you have the necessary
>>> skills to critique the GnuPG authors' work. Until you do, your
>>> "judgment" is moot.
>>
>> An idea should be considered on its own merit.
>
> What "idea" would that be, exactly?
>
>> You should counter my criticism with facts, instead of attacking me
>> personally.
>
> I am not attacking you. Read what I wrote in this thread. I just doubt
> that you have enough knowledge about the motivation behind and the inner
> workings of GnuPG to offer your "critique" (which I consider personal
> dislike for certain behaviour) until you convince me otherwise.
>
> Based on what you wrote so far, you are just some random person behind a
> pseudonym. What are your credentials in this field? What qualification
> do you have that would enable you to call the work of other people "bad
> design" with actual justification? Have you designed and maintained
> software on the scale of GnuPG, for decades, with a worldwide user base,
> dealing with security, usability and compatibility issues, having to
> find some compromise between the various aspects?
>
>> You can either reply with counterargument, or ignore my messages in
>> this thread.
>
> You can either tell people why your opinion should matter, or live with
> being called out for not doing so.

We are moving in circles. Looks like you have no real arguments, and
keep repeating same stuff all over again.

I see no benefit for anybody in continuing this discussion.

But thanks to everybody who participated. It helped me to get an idea
about this community.

Cheers,

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

* Fourhundred Thecat:

> Looks like you have no real arguments, and keep repeating same stuff
> all over again.

*You* accusing *me* of not having real arguments is just precious. :-)

> I see no benefit for anybody in continuing this discussion.

At last, we can agree on something.

-Ralph

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users