Re: [openpgp] The Argon2 proposal seems incomplete (Draft 6)

[Bruce Walzer <bwalzer@59.ca>]

On Thu, Jul 28, 2022 at 07:35:39PM +0200, Justus Winter wrote:
> Bruce Walzer <bwalzer@59.ca> writes:
>
> > On Thu, Jul 28, 2022 at 12:00:57AM +0200, Justus Winter wrote:
> >> Bruce Walzer <bwalzer@59.ca> writes:
> >>
> >> > On Tue, Jul 26, 2022 at 06:51:25PM +0200, Justus Winter wrote:
> >> >
> >> >> > OpenPGP is a messaging standard and has to be such that
> >> >> > interoperability is possible between different systems. That is at
> >> >> > odds with normal Argon2 usage.
> >> >>

> And at the same time do not propose an alternative, I think you are
> arguing that the current system is sufficient.

We need to deal with the existing proposal first. Sorry if I am not
being clear here. The most I have done is to argue that the fact that
the current thing has run out of count bits is not an immediate
crisis. There could be another crisis for all I know.

Perhaps I need to be more direct...

The issue I am most concerned about is that it appears that the Argon2
proposal was dropped into the draft without any definite rationale. I
think that things like benefits, costs, and in this case, usability
should be pinned down before discussion and potential inclusion in a
draft. You can't really come to terms with something if no one can be
sure exactly what it is. The fact that we are currently discussing
mere practicality supports my concern. This sort of thing can bring
the entire process into disrepute.

> The current SEIPv1+MDC is impossible to implement securely.  Efail, one
> of the best attacks on OpenPGP ever, is a direct consequence of that.

If we are going to debate the idea that EFAIL supports the replacement
of SEIPv1+MDC then this should definitely be moved to a new thread. It
would be a distraction otherwise.

Bruce