Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Derek Atkins <derek@ihtfp.com> Mon, 30 October 2017 15:21 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59E8513FAD1 for <openpgp@ietfa.amsl.com>; Mon, 30 Oct 2017 08:21:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CeDqXnw1cbD8 for <openpgp@ietfa.amsl.com>; Mon, 30 Oct 2017 08:21:24 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94FCC13FA9B for <openpgp@ietf.org>; Mon, 30 Oct 2017 08:19:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 6FA7FE2082; Mon, 30 Oct 2017 11:19:51 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 01532-05; Mon, 30 Oct 2017 11:19:48 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:fe80::530:248d:f760:bb62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id A42B8E2081; Mon, 30 Oct 2017 11:19:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1509376788; bh=at0HFO3vebCw9NPcOP/sXx+3iUOhZDdywaWRRXHDY5M=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=qCSBU8wNsGXukiOMVGYrhuEiBPP1Cf5ntKx1bVxC61vV9/EcJ4NVvM0LX2MG/M7JV A99L59ojfTlq3bUc0ia2vf72sjQpEQJxmf75Um0tK+UgMegfAalJVjKJ2S9/v42jsA GI7uUqwv3b/6mK8AD8Lnn7jImDqFlDg3g6Td7Tlk=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.15.2/Submit) id v9UFJf1J003393; Mon, 30 Oct 2017 11:19:41 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Rick van Rein <rick@openfortress.nl>
Cc: "openpgp\@ietf.org" <openpgp@ietf.org>
References: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com> <alpine.LRH.2.21.1710251219190.18006@bofh.nohats.ca> <59F0C015.2050303@openfortress.nl>
Date: Mon, 30 Oct 2017 11:19:41 -0400
In-Reply-To: <59F0C015.2050303@openfortress.nl> (Rick van Rein's message of "Wed, 25 Oct 2017 18:47:17 +0200")
Message-ID: <sjmbmko1x4i.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UzG1OlEnU5BscSIR7X8R5B9h4Hk>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 15:21:27 -0000

Rick van Rein <rick@openfortress.nl> writes:

> Along the same lines I'm also surprised that no effort has been made to
> deprecate 2.x PGP packet formats and public key formats, for instance.
> We all know that such old keys don't have a reason to exist anymore,
> but we're all still coding the old and new in order to be compliant to
> the standards.  Such a waste of time...

I have files encrypted 20+ years ago (to a 20+ year old key) sitting
around in storage.  Are you saying that those encrypted files should not
be readable anymore?

And note that if your response is "but just re-encrypt them", I'll add
that then I lose a lot of the original data, like original signing date
etc.  Moreover, AFAIK there is no tool that I can use to re-encrypt a
message while keeping signature data intact.  (Please correct me if I'm
missing something, but even gpg does not seem to have a "re-encrypt"
option).

> -Rick

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant