Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
"Derek Atkins" <derek@ihtfp.com> Mon, 30 October 2017 18:19 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A753A04D for <openpgp@ietfa.amsl.com>; Mon, 30 Oct 2017 11:19:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOOVR3qAbhZP for <openpgp@ietfa.amsl.com>; Mon, 30 Oct 2017 11:19:25 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E26113FA13 for <openpgp@ietf.org>; Mon, 30 Oct 2017 11:19:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 23D82E205D; Mon, 30 Oct 2017 14:18:54 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 03280-01; Mon, 30 Oct 2017 14:18:51 -0400 (EDT)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id C24BBE2050; Mon, 30 Oct 2017 14:18:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1509387531; bh=b9mrnTTd8QCCpCaTsElLoVCUwfcL3xEh2n7imr1qTyg=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=Gh26SCaT8u8YwZ9BfMkBEmXZJ1sGYOaYRlo+iboOED34dDw3Q93Qd9Yd/2+ajO6Wj ivHEyIlfv2rNfC2+A+b/vrnXF3X6k/z68+ioP19Zl6TL8DRsH+PLVa+ntAYsv7Jy3m npMppYQBosvqPRGdYpF2DVcS5fgCYF2DKhGlTVxg=
Received: from 192.168.248.250 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Mon, 30 Oct 2017 14:18:51 -0400
Message-ID: <c67d205fcc8d65c48dd7f3af01e03684.squirrel@mail2.ihtfp.org>
In-Reply-To: <37D92E03-5071-42AC-B057-AA3C18B0762A@nohats.ca>
References: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com> <alpine.LRH.2.21.1710251219190.18006@bofh.nohats.ca> <59F0C015.2050303@openfortress.nl> <sjmbmko1x4i.fsf@securerf.ihtfp.org> <59F74542.5080409@openfortress.nl> <37D92E03-5071-42AC-B057-AA3C18B0762A@nohats.ca>
Date: Mon, 30 Oct 2017 14:18:51 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Rick van Rein <rick@openfortress.nl>, "openpgp@ietf.org" <openpgp@ietf.org>, Derek Atkins <derek@ihtfp.com>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Jsty6ugPp8d2e6f9fU1axq_n0Ck>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 18:19:27 -0000
On Mon, October 30, 2017 2:00 pm, Paul Wouters wrote: > On Oct 30, 2017, at 19:29, Rick van Rein <rick@openfortress.nl> wrote: >> >> Hi Derek, >> >>> >>> I have files encrypted 20+ years ago (to a 20+ year old key) sitting >>> around in storage. Are you saying that those encrypted files should >>> not >>> be readable anymore? > > So when do we stop supporting an algorithm? When it can be brute forces in > a month? A year ? A day? That's a good question, but considering none of it applies to pretty much any method we've supported (except, perhaps, MD5) it's a bit moot. >> One might question if current-day crypto software should continue to >> support old encrypted files though, or that a fork would be wiser. > > Like pgp 2.6 and pgp 5. Yes. > > A way to also stimulate upgrading could be to demote algorithms to > decrypt/verify only and not allow them for creating new encrypted/signed > material. We've already done that. It "works" (to some degree) to get people to upgrade. > As for we have been doing this for 20 years argument, I am still carrying > idea.c and still have to manually compile it every time gpg upgrades. So > the “current” scheme has proven to not work well at all for me. Honestly, AFAIK there has never been a security issue with IDEA; just patent/licensing. At this point I think all those issues are gone, too, so honestly there's little reason not to include it natively. But the real point is that there are so few methods that people want to support *IN THE PROTOCOL* that there is little reason, IMNSHO, to prevent them from doing so in a standard way. Remember, just because the protocol supports a method does not mean implementations will. But if the protocol does NOT support some methods it might prevent some users from using the protocol. Hence, if we want to encourage adoption (even if it's in a closed environment) we should encourage method adoption. Again, it's not that expensive to do so on our part. > Paul -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [openpgp] Proposal to include AEAD OCB mode to 48… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Hanno Böck
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Gregory Maxwell
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Salz, Rich
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson