Re: [openpgp] OpenPGP encryption block modes

Daniel Huigens <d.huigens@protonmail.com> Mon, 08 August 2022 16:02 UTC

Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E5F4C159498 for <openpgp@ietfa.amsl.com>; Mon, 8 Aug 2022 09:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FAgO5Br_eCEl for <openpgp@ietfa.amsl.com>; Mon, 8 Aug 2022 09:02:19 -0700 (PDT)
Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22D46C157B52 for <openpgp@ietf.org>; Mon, 8 Aug 2022 09:02:18 -0700 (PDT)
Date: Mon, 08 Aug 2022 16:02:12 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1659974536; x=1660233736; bh=/9eLW5w8R19B83ZLYtNoATpsFLZDm7Rq94NgAfVxPHQ=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=zIHBDJ14shlaVk9RqzfJjtBGOY3AAb87XB/LcaL8eOaofl60Yeys5MbG7deyqxGZw q6Wh3cNU9GxfL8OiHKUF2noW8Lj219pM1xPaQlE93mmR+azQlb0zmp5ay0L6KZ3ZBo y9y8KvTcLPZUh0a/9Wij22SqSUAPWG9u1xFjS4HJufwEcpOSkam3S10EhgHXnJWxvM SEIh0oJxBwjbXsAKYKzIMdnRVLzEBNVQTutFNWC/0NUbDt3lLmbqyLYETwUzAANOTv GhEmhpwTPizx+LlkzHvlgRh+s+cIHyKDxVrgMDMj2A3ZwgbVLjPh69GdgWT8GcMHAQ hYxefktf8p5DQ==
To: Bruce Walzer <bwalzer@59.ca>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: Aron Wussler <aron@wussler.it>, justus@sequoia-pgp.org, openpgp@ietf.org
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <EIluIehL1028hAglLLbG1mbdMGRxOLqTzTgvXAgQWkdZ42Fm4Pe1xYNyChD1eWWwHmDF-cJx7nqHDa_fO8Ms0DYsQE0FV6_2KSQOjNBOKjw=@protonmail.com>
In-Reply-To: <YvExM2+s+cdHJgGI@watt.59.ca>
References: <YuAErZRsF/KbOw1s@watt.59.ca> <875yjhjg2c.fsf@thinkbox> <87r124m64c.fsf@wheatstone.g10code.de> <YulX9jI1+wOCwLJq@ohm.59.ca> <Q6EUpbQm0e5f1OiU-77Old9p9FXyLCaFZ8pMm7PTt8VTLQJaXRQzWIDSwc3db6yI-56imyOaTNdt9TC8Zrm1jN_kPKxFYH4OqEu6o-Wfquo=@protonmail.com> <YuvlHdLz0Sfle7Ot@ohm.59.ca> <87a68ji1bv.fsf@wheatstone.g10code.de> <kV1o2wor4b750-i-DJcjlGhlrx5-NAgguHX6etvEE2GZCIifuBMhKCK8qknPWBEWvDSy0OntIlPCZOA4YLEQwa1vKyyZoBYshLtVv1qJ0Vs=@wussler.it> <YvExM2+s+cdHJgGI@watt.59.ca>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0PEsbJP3-60RaRCjUzKS35ZKC_Y>
Subject: Re: [openpgp] OpenPGP encryption block modes
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2022 16:02:23 -0000

On Monday, August 8th, 2022 at 17:52, Bruce Walzer <bwalzer@59.ca> wrote:

> Is having a mode that is optional but resides in the preferences
> something that has ever been seen in normal OpenPGP usage?

For modes there wasn't, because the CFB mode was hardcoded in OpenPGP,
but for cipher suites, this already exists, so there is precedent there.

So all the following arguments already apply; if an implementation
chooses to signal support for Camellia, for example, then messages
encrypted using that cipher can forever only be decrypted using an
implementation that supports it. The same is true if the implementation
generates a key using a non-mandatory public key algorithm or curve.
That seems like a reasonable trade-off to me if the non-mandatory
algorithm offers something specific in return (e.g. improved security
or better performance for specific implementations or hardware, etc).

Best,
Daniel