Re: [openpgp] Pull request for AEAD encrypted data packet with GCM

Werner Koch <> Tue, 14 February 2017 08:52 UTC

To: Jon Callas <>

On Tue, 14 Feb 2017 02:32, said:

> I have no disagreement with this. I am constantly pained that this is a mess, because OCB *is* what we all really want to use.

From our experience with adding the MDC feature to OpenPGP we know that
it will take several years until the majority of code has been upgraded
to make use of a new feature.  The mentioned non-Rogaway patents were
filed around 2001 and thus will expire in 4 to 7 years.  Which would match
the time I expect to get OCB mode actually deployed (or any other new

Sure, there are also follow-up patents, but given that they are owned by
IBM they may even be an advantage against patent trolls.  But this has
likely already been discussed in the context of TLS.



Thoughts are free.  Exceptions are regulated by a federal law.