Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

"Derek Atkins" <> Mon, 30 October 2017 18:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8A753A04D for <>; Mon, 30 Oct 2017 11:19:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NOOVR3qAbhZP for <>; Mon, 30 Oct 2017 11:19:25 -0700 (PDT)
Received: from (MAIL2.IHTFP.ORG []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3E26113FA13 for <>; Mon, 30 Oct 2017 11:19:25 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 23D82E205D; Mon, 30 Oct 2017 14:18:54 -0400 (EDT)
Received: from ([]) by localhost ( []) (amavisd-maia, port 10024) with ESMTP id 03280-01; Mon, 30 Oct 2017 14:18:51 -0400 (EDT)
Received: by (Postfix, from userid 48) id C24BBE2050; Mon, 30 Oct 2017 14:18:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1509387531; bh=b9mrnTTd8QCCpCaTsElLoVCUwfcL3xEh2n7imr1qTyg=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=Gh26SCaT8u8YwZ9BfMkBEmXZJ1sGYOaYRlo+iboOED34dDw3Q93Qd9Yd/2+ajO6Wj ivHEyIlfv2rNfC2+A+b/vrnXF3X6k/z68+ioP19Zl6TL8DRsH+PLVa+ntAYsv7Jy3m npMppYQBosvqPRGdYpF2DVcS5fgCYF2DKhGlTVxg=
Received: from (SquirrelMail authenticated user warlord) by with HTTP; Mon, 30 Oct 2017 14:18:51 -0400
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <>
Date: Mon, 30 Oct 2017 14:18:51 -0400
From: "Derek Atkins" <>
To: "Paul Wouters" <>
Cc: "Rick van Rein" <>, "" <>, "Derek Atkins" <>
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Oct 2017 18:19:27 -0000

On Mon, October 30, 2017 2:00 pm, Paul Wouters wrote:
> On Oct 30, 2017, at 19:29, Rick van Rein <> wrote:
>> Hi Derek,
>>> I have files encrypted 20+ years ago (to a 20+ year old key) sitting
>>> around in storage.  Are you saying that those encrypted files should
>>> not
>>> be readable anymore?
> So when do we stop supporting an algorithm? When it can be brute forces in
> a month? A year ? A day?

That's a good question, but considering none of it applies to pretty much
any method we've supported (except, perhaps, MD5) it's a bit moot.

>> One might question if current-day crypto software should continue to
>> support old encrypted files though, or that a fork would be wiser.
> Like pgp 2.6 and pgp 5. Yes.
> A way to also stimulate upgrading could be to demote algorithms to
> decrypt/verify only and not allow them for creating new encrypted/signed
> material.

We've already done that.  It "works" (to some degree) to get people to

> As for we have been doing this for  20 years argument, I am still carrying
> idea.c and still have to manually compile it every time gpg upgrades. So
> the “current” scheme has proven to not work well at all for me.

Honestly, AFAIK there has never been a security issue with IDEA; just
patent/licensing.  At this point I think all those issues are gone, too,
so honestly there's little reason not to include it natively.

But the real point is that there are so few methods that people want to
support *IN THE PROTOCOL* that there is little reason, IMNSHO, to prevent
them from doing so in a standard way.

Remember, just because the protocol supports a method does not mean
implementations will.  But if the protocol does NOT support some methods
it might prevent some users from using the protocol.  Hence, if we want to
encourage adoption (even if it's in a closed environment) we should
encourage method adoption.  Again, it's not that expensive to do so on our

> Paul


       Derek Atkins                 617-623-3745   
       Computer and Internet Security Consultant