Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Ronald Tse <> Sat, 28 October 2017 08:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8F79013FAC1 for <>; Sat, 28 Oct 2017 01:02:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YHkpudC4yRFZ for <>; Sat, 28 Oct 2017 01:02:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DE5FE13FABF for <>; Sat, 28 Oct 2017 01:02:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-ribose-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Lhq4lO1hW9Xc64VBpGqA5SXVs+XhzX4SawVavHAmKUs=; b=w7FlVPgigJCZG/+cM/CpKo1yr9AmltWsDDpSQnim5Q32zWoNapNNLAZIDYPI4Ugf0sd9VX+NJVhPgTdwFZh6fLN73QPhpQe3UUf5RtYDZBW/YbCwAzR+krffoUQ4r8K3qC/Q/XqRVC4rIHE2FkOlPCJ4LofqzAFV0IvvGbCgEqI=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id; Sat, 28 Oct 2017 08:02:01 +0000
Received: from ([fe80::38f5:8fb:9da0:a038]) by ([fe80::38f5:8fb:9da0:a038%14]) with mapi id 15.20.0178.010; Sat, 28 Oct 2017 08:02:00 +0000
From: Ronald Tse <>
To: "" <>
Thread-Topic: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Date: Sat, 28 Oct 2017 08:02:00 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; PS1PR01MB1050; 6:qgFsqAcPdZoOcUucQLDN+Rs46ECu+l/MKRzVRXBk4h2wkMUIhT3APYJNELlYyh1S2KC1p3yJ+WhGD4a3RDUcv+3M2rdG2Oq9iVzPkOPrUJPbP+S+TectA64InbfkPQETUyDRTsCcGISbXWzi7EiyKO3D/w/FBqBq9qiNe3non4VDInYkQ0vXacL13djFL+rE35DtP/cvovMccPWYzKRYDO3qZ/a949LVfOKRVaqsTsgs1OX6urKbEbowGBew2GwEOu2Qyhext1ruEjC40aECrwmobuQhin5fcqZ+4J+3s0mtmILMxt2WBhEiRLlX/Es4Blpnaz6rb33hGOW4CkLoEMe9hFZRca2n2DxCC9IEtPA=; 5:kNdSS+cU/Equ6ApyQAPobloHMyi7Uswg5KcjVRgx8N+kE7FB0iOzT+0e1qHjPHPxdKH9wt7PauO0zez0ZYUSABlYVcKKsPLJWMMwsfZ3xhYL9Nr3f4aoxc7g7YATDvyou2T2zYgfoEExWoCEN94Rgizs3Cm/cjFMfWQI8M938Qg=; 24:OJnhEenLlFNwlbRSiGGItJVVdvOw2VZYeTLAfN5S2djmdZi1N/2ywrn5QJwzVR8jbf8LcRsfO+gMDw1QvJalgJhhhOvCT5tksZcWM4D9TWM=; 7:Ep2SSqX7ICndpmmep+5EILoHbhA7iFZNwZvBrfLkPXZh0fg8wQ4kX/d6vw17aqPDZKLQwZ95bsi4RZoIIVc0066lRsYs7aZaYJHbo6YUuuvEGUqiOlgD2hc3OMmoHxhC1cMU41pzo42roxj/LfEIWHeCHogQq7lVJLgbETvO2oEaBeVcE9QxSB4gVAkeq3V63EgrhJoAGPFAe6Jdwt59jYqi3t9eTTyeW3PM9T9x1r0Vj7qhwci9hfzSDq64c4KY
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: a02e6aa0-2099-48b0-b3ac-08d51dda2b4c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4603075)(2017052603199); SRVR:PS1PR01MB1050;
x-ms-traffictypediagnostic: PS1PR01MB1050:
x-exchange-antispam-report-test: UriScan:(100405760836317);
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231020)(10201501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(6041248)(2016111802025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123558100)(20161123564025)(6043046)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:PS1PR01MB1050; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:PS1PR01MB1050;
x-forefront-prvs: 04740D25F1
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(39830400002)(24454002)(199003)(189002)(966005)(93886005)(81156014)(2950100002)(189998001)(5640700003)(6116002)(102836003)(606006)(101416001)(3846002)(5250100002)(2501003)(25786009)(53546010)(2900100001)(82746002)(5660300001)(54896002)(6306002)(53936002)(99286003)(6246003)(6436002)(83716003)(2351001)(105586002)(6512007)(478600001)(236005)(68736007)(3280700002)(7736002)(86362001)(3660700001)(14454004)(229853002)(36756003)(66066001)(6486002)(33656002)(2906002)(106356001)(6506006)(97736004)(81166006)(8676002)(8936002)(1730700003)(76176999)(50986999)(54356999)(316002)(6916009)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:PS1PR01MB1050;; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_06D50F4826BD47298071576DA8E226AAribosecom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a02e6aa0-2099-48b0-b3ac-08d51dda2b4c
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2017 08:02:00.6503 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1PR01MB1050
Archived-At: <>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 28 Oct 2017 08:02:12 -0000

It is of course an issue for implementer adoption as well as user adoption. If no one implements it, no user can use it, no matter how much they want it. And since there are people who want to implement this, I don’t think the intention of the spec is to stop implementers from doing so.

The stated concern is only about whether Debian will carry any cryptographic library that implements OCB. OpenSSL and Botan are both Debian packages that already contain OCB today, and it should not be different with libgcrypt. At least it seems that the other issues are addressed.

Everyone has different expectations of what the spec should be, or what IETF RFCs should be or should stand for. In this case, I do not believe the IETF publication process has anything to do with the objection of OCB. Especially in this case, the patent owner has already demonstrated strong history of allowing open source usage.

We all appreciate the work put into adding the AEAD packet specifications and making a real registry of it. It should be a good thing that someone proposes to actually use the AEAD registry. There’s really no reason blocking others from doing what they want.

Again, no one is taking anything away from the spec with a “MAY” phrase.


Ronald Tse
Ribose Inc.

On Oct 28, 2017, at 8:33 AM, brian m. carlson <<>> wrote:

On Fri, Oct 27, 2017 at 10:12:51AM +0000, Ronald Tse wrote:
3. The misunderstanding that OpenPGP implementers will not implement OCB due to IPR disclosures.

This has nothing to do with whether implementers will implement it.
This has to do with whether users will be willing to use a spec or
implementation that has patent concerns associated with it.

Werner of GnuPG, has already indicated support to OCB on multiple
occasions. Our own open-source OpenPGP implementation, RNP, will
implement OCB. Anyone that uses popular cryptographic libraries like
OpenSSL and Botan can already implement this and is covered by the

GnuPG relies on libgcrypt for cryptographic functionality.  On Debian,
libgcrypt is linked into Xorg, which is often linked to proprietary
software such as graphics drivers.  Since Debian cannot avail itself of
license 2 (because restrictions on military use are unacceptable) and
license 1 prohibits uses with proprietary software, Debian's GnuPG is
unlikely to have support for OCB unless Debian ships two separate copies
of libgcrypt.  For the same reason, Ubuntu is also likely to have the
same policy.

I've filed a bug with Debian to bring this to their attention.

These are the kind of practical reasons that patented software is
problematic and should not be a part of any specifications.  I don't
believe there's a consensus on adding this, since the groups seem at
best evenly split.  Previous opinions in the working group were mostly

I remain wholly opposed to including OCB in the OpenPGP specification,
and if this specification should make it to last call with OCB included,
I will oppose it on those grounds.
brian m. carlson / brian with sandals: Houston, Texas, US | My opinion only