Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Paul Wouters <paul@nohats.ca> Sat, 28 October 2017 08:24 UTC
Date: Sat, 28 Oct 2017 04:23:51 -0400
From: Paul Wouters <paul@nohats.ca>
To: Ronald Tse <tse@ribose.com>
cc: "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/6DUXmzQ4jkue9JrZkmCqNDVnfWA>
On Sat, 28 Oct 2017, Ronald Tse wrote:

> We all appreciate the work put into adding the AEAD packet specifications
> and making a real registry of it. It should be a good thing that someone
> proposes to actually use the AEAD registry. There’s really no reason
> blocking others from doing what they want.
>
> Again, no one is taking anything away from the spec with a “MAY” phrase.

For protocols like IKE/IPsec or TLS, where you negotiate a cipher suite, MAY algorithms are fine. For a protocol where both parties are not online at the same time, and where one party might not know the other party's capabilities at all, a MAY algorithm can lead to non-interoperability (with human latency involved).

Do OpenPGP public keys list all the encryption algorithms and signature algorithms supported by that user? If not, then there should really only be MUST algorithms (current crypto) and SHOULD algorithms (for things being sunset). If OpenPGP public keys do list these, do we have any information how current these are for most published public keys?

It would have been nice to have had OCB support when it was invented. By now, the gains are pretty minimal. While there is an argument for having a "stand by" or "backup" algorithm that is universally supported, I would say chacha20/poly would be the better AEAD candidate.

And I don't agree with your handwaving about the various different licenses and use cases. The fact that there is a discussion and unclarity about this at all shows that there is an issue here.

It's not that I dislike OCB. I looked at OCB a few years ago when TLS got special permission to use it, to see about defining it for IKE/IPsec as well, but the TLS draft authors made it clear they took years getting all the permissions and licensing in place, and it listed "TLS" specifically at places, so I could not re-use their work at the time for IKE/IPsec. So I decided not to pursue it for IKE/IPsec.

The lesson here is, don't put arbitrary restrictions on your algorithm if you want to see widespread adoption.

Paul