Re: [openpgp] First remarks on the last I-D

Paul Wouters <paul@nohats.ca> Fri, 10 June 2022 13:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/3qa8yEfgAkTRPTyp-yj47pgzQeI>

On Wed, 8 Jun 2022, Jon Callas wrote:

> However, GCM mode is not required for FIPS. It is neither necessary nor sufficient. PGP was the very first software-only FIPS 140 module, over twenty years ago. If someone is claiming that they need GCM mode for FIPS, they're mistaken.

Well, if that FIPS compliance was achieved with 3DES, at this point that would be
a problem as 3DES has been sunset. What non-GCM encryption algorithm is
FIPS approved and supported by OpenPGP?

> And for what it's worth, I'm also against using GCM mode for storage encryption in particular, and thus in OpenPGP.

Noted. This is good to know.

Paul