Re: [Cfrg] ISE seeks help with some crypto drafts

Aaron Zauner <> Sat, 09 March 2019 11:36 UTC

From: Aaron Zauner <>
Date: Sat, 9 Mar 2019 12:36:01 +0100
Cc: John Mattsson <>, "" <>, "" <>, "" <>, "" <>
To: Tony Arcieri <>
List-Id: Crypto Forum Research Group <>


I see some really misinformed comments in this thread.

There’s a general IPR exemption for OCB(3) for IETF by Rogaway and the IBM Corporation (Jutla), which is everything that’s necessary to go ahead and standardize and use that mode. I’ve previously spent quite some time cultivating an AES-OCB ciphersuite draft* for TLS 1.2 (not necessary for 1.3 IMO) as an alternative to GCM. Unfortunately, back then very few people really seemed to understand why I was working on this, and only a handful were really interested, with the whole standardization of TLS 1.3 going on and lots of custom $vendor extensions being discussed. I was thinking of picking this up again as it’d still make sense for TLS 1.2, and as OCB3 is a CAESAR finalist there’s something new to add to the paper (and the security section w.r.t. the OCB2 attacks, which, as I agree with Tony, have nothing to do with OCB3 from what I could tell reading them), anyway. The IPR exemptions are over here:

It took IBM lawyers quite a while to work this out, but after I contacted Rogaway he was very forthcoming and came up with that exemption within a few weeks of my initially talking to him about the topic in general, as was Jutla once contacted by Rogaway (working at IBM, he had to contact legal and go through all kinds of bureaucracy, from what I understood).

Hope that helps to clear things up a bit.