Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Peter Gutmann, Thu, 26 October 2017 01:34 UTC

Ronald Tse writes:

>There have been previous mentions of patent concerns, but OCB is freely
>licensed for open source tools and has been included in libraries like
>OpenSSL and Botan.

It's a lot more problematic than that.  While I support the OCB patent
holder's stand on a moral basis, the licensing unfortunately makes it
impossible to use for general software, which is a real shame because it's a
very nice crypto mechanism.  Examples of some general-purpose uses of crypto
and how the license affects them:

Banking: No, because members of the military might be customers.

Email: No, because it might go to/come from a .mil address.

Ordering a pizza online: No, because it might be sent to a military base.

(Some of these are from actual legal analyses of the implications of using it,
not just me coming up with corner cases).

IDEA had the same problem, it was more or less OK to use in open-source type
software, but was still sufficiently problematic that it was removed from
OpenPGP.  It's the same with OCB, the license terms require that you track
every single use and user of the software in order to verify that the use is
non-infringing.  That makes it unusable for real-world purposes, i.e. where
commercial entities are involved.