Re: [openpgp] First 4880bis drafts
Ian G <iang@iang.org> Thu, 05 November 2015 19:30 UTC
Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF1141B2C04 for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 11:30:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xGhnjVmbx8ZL for <openpgp@ietfa.amsl.com>; Thu, 5 Nov 2015 11:30:54 -0800 (PST)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 491FC1A87BC for <openpgp@ietf.org>; Thu, 5 Nov 2015 11:30:54 -0800 (PST)
Received: from Agent86.local (iang.org [209.197.106.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by virulha.pair.com (Postfix) with ESMTPSA id 842F56D748; Thu, 5 Nov 2015 14:30:53 -0500 (EST)
To: openpgp@ietf.org
References: <87lhaet2cq.fsf@vigenere.g10code.de> <20151104182705.86af2e43c8@baae13974eb4556> <20151105013051.GD3896@vauxhall.crustytoothpaste.net>
From: Ian G <iang@iang.org>
Message-ID: <563BAE6C.6070100@iang.org>
Date: Thu, 05 Nov 2015 19:30:52 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <20151105013051.GD3896@vauxhall.crustytoothpaste.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/53kRjypu6HbL5INA-C8R_vNIg04>
Subject: Re: [openpgp] First 4880bis drafts
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2015 19:30:55 -0000
On 05/11/2015 01:30, brian m. carlson wrote: > On Wed, Nov 04, 2015 at 06:34:33PM +0100, Aaron Zauner wrote: >> * Werner Koch <wk@gnupg.org> [04/11/2015 12:51:25] wrote: >>> o Added Camellia cipher from RFC 5581. >> Hrm. I'm against this. ++1++ >> CAMELLIA is going to be deprecated in e.g. >> TLS because barely anyone uses it. I'm explicitly excluding anything >> other than AES128 or 256 from my GnuPG config currently, I haven't >> noticed any breakage in almost a year: >> https://github.com/azet/dotfiles/blob/master/.gnupg/gpg.conf > As Werner pointed out, Camellia has been around for some time. Whatever - let implementations provide Camellia if they want to; they will to handle archives and so forth. The *standard* should do better, work for the benefit of all. The standard should have an aggressive role in deprecation. > It's > also good to have enough diversity that if someone comes out with a > major attack against AES, we're not totally sunk. This is hypothetical. It's never happened in our time. Our cryptographers are better than that, let's rely on them. > Camellia is a Feistel > cipher, while AES is a substitution-permutation network, which means > that attacks are unlikely to work against both. Sorry - can we worry about realistic user problems not hypothetical academic issues? > Currently, if AES were to be broken, TLS implementations would not > interoperate at a 128-bit or higher security level. OpenPGP would > continue to function without much thought, which is a major asset. ? AES isn't going to be broken. Software is going to be buggy - let's reduce complexity. Protocols might be flawed, let's make it simpler. But AES broken? No. Get realistic. > I'm for deprecating algorithms which provide less than a 128-bit > security level, such as SHA-1 and 3DES. It is the case that we face a threat around the 80 bit mark. Sure. So, I'd suspect we're going to set a mark for future OpenPGP at the 256 bit level. This would have been a no-brainer until recent NSA Suite B news. Does anyone have a feeling for where we'd like to draw the line now? iang
- [openpgp] First 4880bis drafts Werner Koch
- Re: [openpgp] First 4880bis drafts Aaron Zauner
- Re: [openpgp] First 4880bis drafts Werner Koch
- Re: [openpgp] First 4880bis drafts Daniel Kahn Gillmor
- Re: [openpgp] First 4880bis drafts brian m. carlson
- Re: [openpgp] First 4880bis drafts Aaron Zauner
- Re: [openpgp] First 4880bis drafts Aaron Zauner
- Re: [openpgp] First 4880bis drafts Robert J. Hansen
- Re: [openpgp] First 4880bis drafts Ian G
- Re: [openpgp] First 4880bis drafts Aaron Zauner
- Re: [openpgp] First 4880bis drafts Aaron Zauner