Re: SERPENT in OpenPGP?

Christoph Anton Mitterer <calestyo@scientia.net> Thu, 26 August 2010 22:41 UTC

Subject: Re: SERPENT in OpenPGP?
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: OpenPGP Working Group <ietf-openpgp@imc.org>
In-Reply-To: <3C0E8216-05E0-4E92-BC30-9B63CAEADF59@callas.org>
References: <1282856536.11340.29.camel@fermat.scientia.net> <3C0E8216-05E0-4E92-BC30-9B63CAEADF59@callas.org>
Date: Fri, 27 Aug 2010 00:41:38 +0200
Message-ID: <1282862498.18783.20.camel@fermat.scientia.net>

On Thu, 2010-08-26 at 15:00 -0700, Jon Callas wrote:
> OpenPGP has Twofish, for which pretty much all the same things can be
> said. If you don't like AES, you should likely be using Twofish or
> Serpent. OpenPGP happens to have Twofish in it.
Yes I know...
Just don't see the reason why OpenPGP is rather conservative with its
implemented algorithms.
Not only for ciphers, but also e.g. compression algorithms (supporting
XZ would IMHO make sense).

> 
> If you wanted to write an RFC for Serpent, go for it. Look at the one
> for Camellia as a guide and plagiarize all that you need.
Well a) I'm not sure whether David would be very happy if I plagiarized
his work ;) b) I don't consider myself to be enough of a crypto-guru
and/or expert in the RFC/ID writing mechanisms to do that c) without
support from the community/WG,... this has rather limited chances (IMO).



> > Another issue, which comes just in my mind.... would it make sense to
> > add support for stacked encryption?
> > I mean, having a literal packet encrypted with a symmetrically encrypted
> > data packet say with cipher A, which in turn is encrypted with another
> > symmetrically encrypted data packet say with cipher B.
> > Of course the session key packet would have to be large enough to
> > provide key material for both.
> 
> What problem are you trying to solve? People have done that before.
> You could build this up in an only slightly klugy manner with existing
> OpenPGP components. 
No specific problem,... I'd just like to see that OpenPGP allows for
even higher-grade security. I mean really for a very long time
scale.
In case one cipher is broken (ok I know that this is rather unlikely)
the other ciphers might still be safe (when multiple are used).

Unfortunately, OpenPGP development seems to be quite slowed down to me.
Of course this has advantages but on the other hand I'd like to see many
things that were previously discussed here, e.g.
- PBKDF2
- phasing out SHA1
- ECC (ok this is on its way :) )
- some of the ideas presented in the threads "Series of minor questions
about OpenPG" here, especially:
  - making the standard more strict in several aspects and working against
possible ambiguities.
  - much more use of the user attribute packet (which IMO should replace
the User ID packet on a long term scale), adding _many_ possible values
that can be signed,... e.g. things like birthday (time), birthplace,
color of eyes ;) ... many more types of names (a common name which would
be about what we have right now in the user ID, family name and given
name (for western countries), other types for different cultures) ... I
could even think of stuff like address and so on.


Cheers,
Chris.
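The stacked-encryption layout discussed in this thread (literal data encrypted under cipher A, that result encrypted again under cipher B, with one session key carrying material for both layers), as an added example that is not code from the thread or from any OpenPGP implementation. It assumes a hypothetical pairing of AES-256 as the inner cipher and 3DES as the outer cipher, simply because both ship in Go's standard library; it uses plain CFB with a random IV per layer and does not reproduce OpenPGP's own CFB variant, packet framing or MDC.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"io"
)
// Hypothetical layer choice: inner cipher A = AES-256 (32-byte key), outer cipher B = 3DES (24-byte key); the session key is both keys concatenated.
const keyLenA, keyLenB = 32, 24
// cfbLayer encrypts data under one block cipher in CFB mode with a fresh random IV prepended; with encrypt == false it strips that IV and decrypts.
func cfbLayer(block cipher.Block, data []byte, encrypt bool) ([]byte, error) {
	bs := block.BlockSize()
	if encrypt {
		out := make([]byte, bs+len(data))
		if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil {
			return nil, err
		}
		cipher.NewCFBEncrypter(block, out[:bs]).XORKeyStream(out[bs:], data)
		return out, nil
	}
	if len(data) < bs { // truncated input: there is no IV to work with
		return nil, errors.New("ciphertext shorter than one IV")
	}
	out := make([]byte, len(data)-bs)
	cipher.NewCFBDecrypter(block, data[:bs]).XORKeyStream(out, data[bs:])
	return out, nil
}
// Stack encrypts with cipher A and wraps the result with cipher B; on decrypt it peels B first, then A. A break of either cipher alone leaves the other layer intact.
func Stack(sessionKey, data []byte, encrypt bool) ([]byte, error) {
	if len(sessionKey) != keyLenA+keyLenB {
		return nil, errors.New("session key must carry material for both layers")
	}
	inner, errA := aes.NewCipher(sessionKey[:keyLenA])
	outer, errB := des.NewTripleDESCipher(sessionKey[keyLenA:])
	if errA != nil || errB != nil {
		return nil, errors.New("cipher setup failed")
	}
	first, second := inner, outer // encryption order: A, then B
	if !encrypt {
		first, second = outer, inner // decryption order: B, then A
	}
	mid, err := cfbLayer(first, data, encrypt)
	if err != nil {
		return nil, err
	}
	return cfbLayer(second, mid, encrypt)
}
```

Each layer adds its own IV, so the stacked ciphertext grows by 16 + 8 bytes over the plaintext; the session key packet would have to carry 56 bytes of key material for this pairing.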