Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Ronald Tse <tse@ribose.com> Tue, 31 October 2017 08:10 UTC
Return-Path: <tse@ribose.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85C4B13F69A for <openpgp@ietfa.amsl.com>; Tue, 31 Oct 2017 01:10:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ribose.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id na6nxiSpW278 for <openpgp@ietfa.amsl.com>; Tue, 31 Oct 2017 01:10:31 -0700 (PDT)
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01on0068.outbound.protection.outlook.com [104.47.125.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B252313F6A1 for <openpgp@ietf.org>; Tue, 31 Oct 2017 01:10:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ribose.onmicrosoft.com; s=selector1-ribose-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=m1t5c7NKXwyGxWgu7PBEyaPGUMdWexHnfZowzrDS/nA=; b=G824izyl2We02Qs76+Ukgb7XK4mjV7Fu8a5WqOJMFnFOnH33CbPPpED89Rx825zWSSZbmRLaT39QEBvUKplUQrzRgRrYJcVl1HOZa8/kz3aAmT9tMwW13iczx/BHZB7g/ragGNFypMdnMzTeB7cVC7zMiO89RgJRfPIglieF4I8=
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com (10.165.210.30) by PS1PR01MB1050.apcprd01.prod.exchangelabs.com (10.165.210.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Tue, 31 Oct 2017 08:10:26 +0000
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::38f5:8fb:9da0:a038]) by PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::38f5:8fb:9da0:a038%14]) with mapi id 15.20.0178.012; Tue, 31 Oct 2017 08:10:25 +0000
From: Ronald Tse <tse@ribose.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Thread-Index: AQHTTXH5xYQNIsRUz0C1s+LLoU2hJaL1WjoAgAAH/ICAAXdQgIAAibPGgAAB+YCAABgzAIAA8IsAgAB9O4CAAAYcgIAEVBgAgABMg4CAABKhAA==
Date: Tue, 31 Oct 2017 08:10:25 +0000
Message-ID: <0A4C446D-AACC-4B4E-928A-88C653260A3C@ribose.com>
References: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com> <1508981649515.71466@cs.auckland.ac.nz> <07C9EFDF-C8C2-4433-A9F9-DC3D7AFD5499@ribose.com> <6AC83857-62D9-45DF-9DAE-928CF0E45A96@nohats.ca> <87she556tv.fsf@wheatstone.g10code.de> <1509093954061.51049@cs.auckland.ac.nz> <36023233-856C-4A6D-BAF9-28037B4DA0F7@ribose.com> <20171028003345.6y5igwx5cuxfxlkm@genre.crustytoothpaste.net> <06D50F48-26BD-4729-8071-576DA8E226AA@ribose.com> <alpine.LRH.2.21.1710280403490.7356@bofh.nohats.ca> <CAAS2fgSfY5YqT2ExhtY6MrEJxNWMN77rJTtsO1r6aixOAJexFw@mail.gmail.com> <alpine.LRH.2.21.1710310254050.8644@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1710310254050.8644@bofh.nohats.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tse@ribose.com;
x-originating-ip: [118.140.121.70]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; PS1PR01MB1050; 6:NqJ8zM0kQtU+yGv257yE5CIF6PtPM5XRu4IrB+iTsruEcc/xwIrykoCzRdrqPK1y3cKwXlbNQTk/l/5c7RjR/GyWFI5I+Y3tvGV2n0EADuw8WpjL5LY/o7LVveHJexHl0O6CDaAsKIyMW5OGQFwdzOoHxVuMvf8pUfyihxqiCKElKdh2DY6AEDyqi7PBh4nTGboqn8QElZLQ51ft2flOKkxlvxPuc+eufM9hTa6iJ/pS2YGrgAt+ZV5LUqck6xLdiA/XFR0vfaEvGRp6KUhcE3m8MS7WBsHb/Ph2rRpnT3BwojSwiZmWhWPmZt5MhJ2tX2VnHWzPpZexZXizqzq3fS0adznB1JvkF/A851kop+c=; 5:6nIJJUdMqyfjdrDOYHZuat6oaK89xqyhFQ6GYh8dyVaNWvcRerDxD2v7gzVcL4gUMYt1tseY0KtWp8apzxqnhgOa2zNXomywIO0flJEhk5YwL86v8gsZuTHV7mDFOqLhW6OsdMuiCS4J+Lvqe/Yugi0F4COqIdN+f0fZSlYAXuU=; 24:qo0t3C0cGiMUfN9ABVmDUFi4foDnU5dVWZjtH9VTZxpObYHV5Utv57WuH/oiiCMsziFL6ANMsgzsaRvgCDym3JykiCzOjwsA1ldMEOCzu8M=; 7:DxzTlQOeZdwqPi7jzDTTkpzkPSxKND7XYvm0/PjJUpShB9zvwPEBU3XdbHLf69D0BA01fgnDSi/OVM7H/lrWvs77yPBtbeN4GMqTq0umfCGrSBfmX88dthoHtLTNPO370lDsq4VQyRPgX0wlVHSK8B5JDbtjctQHeWHEbfd6ASdkOaui950w5FNL6dY6EEpSDvgI4F/V5SMIKVsYqie7PRvt94vIQN0y5LizVsBO9h4ZAW7e7B1CQwUAlIrZjb3a
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: e295edec-c7f0-4cce-bcef-08d52036d792
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4603075)(2017052603199); SRVR:PS1PR01MB1050;
x-ms-traffictypediagnostic: PS1PR01MB1050:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <PS1PR01MB1050ADD799FC3C235BB4D015D75E0@PS1PR01MB1050.apcprd01.prod.exchangelabs.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(3231020)(100000703101)(100105400095)(10201501046)(6041248)(20161123560025)(2016111802025)(20161123562025)(20161123555025)(20161123558100)(201703131423075)(201703061421075)(20161123564025)(6072148)(6043046)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:PS1PR01MB1050; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:PS1PR01MB1050;
x-forefront-prvs: 04772EA191
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(199003)(24454002)(189002)(2950100002)(93886005)(6436002)(101416001)(25786009)(68736007)(2906002)(66066001)(33656002)(99286003)(53936002)(189998001)(5660300001)(6506006)(6246003)(236005)(6512007)(50986999)(53546010)(3660700001)(229853002)(2900100001)(81156014)(54356999)(54896002)(6486002)(5640700003)(81166006)(8676002)(3846002)(6116002)(106356001)(14454004)(7736002)(76176999)(36756003)(2501003)(2351001)(102836003)(5250100002)(1730700003)(105586002)(86362001)(82746002)(508600001)(6916009)(97736004)(3280700002)(8936002)(83716003)(2004002)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:PS1PR01MB1050; H:PS1PR01MB1050.apcprd01.prod.exchangelabs.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: ribose.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_0A4C446DAACC4B4E928A88C653260A3Cribosecom_"
MIME-Version: 1.0
X-OriginatorOrg: ribose.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e295edec-c7f0-4cce-bcef-08d52036d792
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2017 08:10:25.6240 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1PR01MB1050
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NBtHR5nl8d_qIy895rXP2PGmRPk>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 08:10:33 -0000
I’m sure Rich could shine more light on this, but OpenSSL has already received a specific OCB license from Prof. Rogaway that allows users of OpenSSL to use OCB freely, including when linked against proprietary code (It’s on the OpenSSL website). Note that the OpenSSL license is more broad than License 1 and 2 on the OCB FAQ page. As mentioned, Prof. Rogaway is willing to file an IPR statement allowing the use of OCB for all OpenPGP implementations, so I think the patent issue can probably be put to rest here. Ron _____________________________________ Ronald Tse Ribose Inc. On Oct 31, 2017, at 3:03 PM, Paul Wouters <paul@nohats.ca<mailto:paul@nohats.ca>> wrote: On Tue, 31 Oct 2017, Gregory Maxwell wrote: As the signaling of support for algorithms is better then I realised, I'll let myself be convinced that adding a new algorithm isn't too bad. While I still think there is an increased risk of non-interoperability or non-adoption, I guess it is not a deal breaker for new algorithms. The lesson here is, don't put arbitrary restrictions on your algorithm if you want to see widespread adoption. This seems rather moralistic rather than a practical consideration. IETF protocols routinely register encodings and codepoints for highly restricted techniques: OCB in OpenPGP would only get used when there is mutual support on both ends. I don't think the laudable effort of avoiding restricted techniques as mandatory in standardized protocols is aided by a total war on them that covers optional use of less restrictively licensed things. The standards process question should primarily be will it get use if it exists? If not, don't bother. The licensing of OCB appears to be very permissive for more than a few very broad classes (including Free Software implementations). Input from implementers on if they'd implement it if specified should be the primary metric. This is still a potential issue. As long as the algorithm has restrictions on it that are discriminatory, their inclusion in a free software library poses a risk for those companies shipping the software that have money in the bank to attract lawsuits. I'm worried about OCB support in openssl and/or other libraries as part of the OS, because when a vendor's customers will use it for some "unauthorised use", the vendor might get involved in a lawsuit. I'm also confused about these restrictions. If opensource is allowed to use it, anyone could use openssl under the newly minted (still minting?) license to link against properietary code, meaning that there are in practise, no restrictions left. So why doesn't Rogaway just release an IPR statement to the IETF allowing its free and unrestrictive use? Rich, do you know anything about the OCB code in openssl and how the relicensing of openssl would mean the OCB code can remain or has to go? Paul
- [openpgp] Proposal to include AEAD OCB mode to 48… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Hanno Böck
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Gregory Maxwell
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Salz, Rich
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson