Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Paul Wouters <paul@nohats.ca> Mon, 30 October 2017 19:23 UTC

Date: Mon, 30 Oct 2017 15:22:55 -0400
From: Paul Wouters <paul@nohats.ca>
To: Derek Atkins <derek@ihtfp.com>
cc: Rick van Rein <rick@openfortress.nl>, "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7QJB2SJOLatJ9clLl4exkCI49_M>

On Mon, 30 Oct 2017, Derek Atkins wrote:

>> As for we have been doing this for 20 years argument, I am still carrying
>> idea.c and still have to manually compile it every time gpg upgrades. So
>> the “current” scheme has proven to not work well at all for me.
>
> Honestly, AFAIK there has never been a security issue with IDEA; just
> patent/licensing.  At this point I think all those issues are gone, too,
> so honestly there's little reason not to include it natively.

It was an example of how some people having IDEA and others not having it
causes interop issues to the point that I need to manually hack my
implementation to talk to those people. That's something you want to
avoid more than giving people a list of 6 sexy algorithms to choose
from.

> But the real point is that there are so few methods that people want to
> support *IN THE PROTOCOL* that there is little reason, IMNSHO, to prevent
> them from doing so in a standard way.

I don't understand that sentence.

> Remember, just because the protocol supports a method does not mean
> implementations will.

If you add things to the protocol that the vast majority will not
implement, you have lost already and that added thing becomes useless.

> But if the protocol does NOT support some methods
> it might prevent some users from using the protocol.

Which is a good thing? Do you think most users can make a meaningful
decision about which algorithms to trust or not and for how long?

The reason for a lot of variance with TLS or IKE/IPsec with protocols is
that performance does matter. For openpgp, performance hardly matters.
You're not doing 1Gbps or running on an IoT device with 32kb RAM or
requiring less than 25ms latency.

Paul