Re: [openpgp] First remarks on the last I-D (Was: I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt)
Justus Winter <justus@sequoia-pgp.org> Tue, 07 June 2022 13:24 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEF74C13C2CE for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 06:24:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MSGID_FROM_MTA_HEADER=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kDZQ8uqNKse8 for <openpgp@ietfa.amsl.com>; Tue, 7 Jun 2022 06:24:29 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C40C7C13C2DE for <openpgp@ietf.org>; Tue, 7 Jun 2022 06:24:27 -0700 (PDT)
Received: (qmail 11582 invoked by uid 500); 7 Jun 2022 13:24:24 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
From: Justus Winter <justus@sequoia-pgp.org>
To: Paul Wouters <paul@nohats.ca>, Werner Koch <wk@gnupg.org>
Cc: openpgp@ietf.org
In-Reply-To: <1378eec-4255-930-736-ffd27f292d48@nohats.ca>
References: <165453577116.17285.7902041139949315015@ietfa.amsl.com> <87tu8xkjx4.fsf@wheatstone.g10code.de> <1378eec-4255-930-736-ffd27f292d48@nohats.ca>
Date: Tue, 07 Jun 2022 15:24:15 +0200
Message-ID: <87fskgy5c0.fsf@europ.lan>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Rspamd-Bar: --
X-Rspamd-Report: MIME_GOOD(-0.2) SIGNED_PGP(-2) BAYES_HAM(-0.003684)
X-Rspamd-Score: -2.203684
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/2.8.28) with ESMTPSA; Tue, 07 Jun 2022 15:24:24 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OkjMvJKjh0X6C8py2NOj69ZIFjg>
Subject: Re: [openpgp] First remarks on the last I-D (Was: I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2022 13:24:33 -0000
Paul Wouters <paul@nohats.ca> writes: > On Tue, 7 Jun 2022, Werner Koch wrote: > >> The WG once decided to go with EAX and OCB. EAX was only added to >> avoid possible patent problems. However, in the 4.5 years since the >> introduction of EAX the patent things has expired was invalidated and >> before the new mode will will be a MUST algorithm in a future OpenPGP >> RFC (not in 4880bis), there will definitely be no more problem at all >> with OCB. I bet that by then an updated FIPS-140 will even allow >> OCB. > > If we have more indication than only your bet, that might be a persuavive > argument. But right now, GCM is the only FIPS compatible method. So I > think removing that would be problematic. We have customers that care about FIPS, and we need a FIPS-compatible subset of OpenPGP now, rather than wait and hope that some existing algorithm like OCB will become FIPS-compliant in the future. >> 2. The removal of the Brainpool curved, as already explicitly listed in >> early RFC-4880bis drafts, is not acceptable. It may even raise >> suspicions that a TLA was somehow involved to keep NIST curves but >> not Brainpool. Note I won't share such an opinion, but with crypto >> algos we also need to look at such political things. There are open questions around Brainpool that needs answering. For example, why isn't brainpoolP384r1 included? How do we encode points and scalars? Not cherry-picking the commit that partially added Brainpool support to the bis is the design-team's way of looking for someone to answer these questions in a constructive fashion. Justus
- [openpgp] I-D Action: draft-ietf-openpgp-crypto-r… internet-drafts
- Re: [openpgp] I-D Action: draft-ietf-openpgp-cryp… Paul Wouters
- [openpgp] First remarks on the last I-D (Was: I-D… Werner Koch
- Re: [openpgp] First remarks on the last I-D (Was:… Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… Justus Winter
- Re: [openpgp] First remarks on the last I-D (Was:… Stephen Farrell
- Re: [openpgp] First remarks on the last I-D (Was:… Daniel Huigens
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Ronald Tse
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… brian m. carlson
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D brian m. carlson
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Paul Schaub
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Daniel Huigens
- [openpgp] AEAD and Rome (was: First remarks on th… Werner Koch
- Re: [openpgp] AEAD and Rome (was: First remarks o… Daniel Huigens
- [openpgp] Choices for AEAD modes [was: AEAD and R… Daniel Kahn Gillmor
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Justus Winter
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Paul Wouters
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… brian m. carlson
- Re: [openpgp] Choices for AEAD modes Ronald Tse
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes Stephen Farrell