Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Ronald Tse <> Tue, 31 October 2017 08:10 UTC


I’m sure Rich could shine more light on this, but OpenSSL has already received a specific OCB license from Prof. Rogaway that allows users of OpenSSL to use OCB freely, including when linked against proprietary code (it’s on the OpenSSL website). Note that the OpenSSL license is more broad than License 1 and 2 on the OCB FAQ page.

As mentioned, Prof. Rogaway is willing to file an IPR statement allowing the use of OCB for all OpenPGP implementations, so I think the patent issue can probably be put to rest here.



Ronald Tse
Ribose Inc.

On Oct 31, 2017, at 3:03 PM, Paul Wouters <<>> wrote:

On Tue, 31 Oct 2017, Gregory Maxwell wrote:

As the signaling of support for algorithms is better than I realised,
I'll let myself be convinced that adding a new algorithm isn't too
bad. While I still think there is an increased risk of non-interoperability
or non-adoption, I guess it is not a deal breaker for new algorithms.

The lesson here is, don't put arbitrary restrictions on your algorithm if
you want to see widespread adoption.

This seems rather moralistic rather than a practical consideration.

IETF protocols routinely register encodings and codepoints for highly
restricted techniques:  OCB in OpenPGP would only get used when there
is mutual support on both ends.

I don't think the laudable effort of avoiding restricted techniques as
mandatory in standardized protocols is aided by a total war on them
that covers optional use of less restrictively licensed things.

The standards process question should primarily be will it get use if
it exists? If not, don't bother. The licensing of OCB appears to be
very permissive for more than a few very broad classes (including Free
Software implementations).  Input from implementers on if they'd
implement it if specified should be the primary metric.

This is still a potential issue. As long as the algorithm has restrictions
on it that are discriminatory, their inclusion in a free software library
poses a risk for those companies shipping the software that have money
in the bank to attract lawsuits.

I'm worried about OCB support in openssl and/or other libraries as
part of the OS, because when a vendor's customers will use it for some
"unauthorised use", the vendor might get involved in a lawsuit.

I'm also confused about these restrictions. If opensource is allowed to
use it, anyone could use openssl under the newly minted (still minting?)
license to link against proprietary code, meaning that there are in
practice, no restrictions left. So why doesn't Rogaway just release an
IPR statement to the IETF allowing its free and unrestrictive use?

Rich, do you know anything about the OCB code in openssl and how the
relicensing of openssl would mean the OCB code can remain or has to go?