[openpgp] Pull request for AEAD encrypted data packet with GCM
"brian m. carlson" <sandals@crustytoothpaste.net> Mon, 13 February 2017 01:07 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VMU9DimE10coNaAxnqs101VT5eA>
I've opened a pull request that defines an AEAD encrypted data packet using GCM. This work is necessarily incomplete, because it doesn't define a new version of the symmetrically-encrypted data packet, which we'd want, and it doesn't define a new encoding for the secret key packet.

GCM seems to be the uncontroversial choice here. It's used in TLS and other protocols, and it provides adequate security. It isn't encumbered by patents. It performs reasonably well.

Other alternatives include OCB and CTR with HMAC. I personally object to OCB because it's patented, and while I like CTR with HMAC, it was my impression that the rest of the working group would not share my opinion.

While I understand that we are not interested in adding general extensibility to the protocol, I opted to include an octet for the AEAD algorithm in case someone wants to define OCB or something like ChaCha20-Poly1305. ChaCha20 cannot use GCM, but it is a popular algorithm that performs well on many architectures and is well-suited to embedded systems.

I've proposed this as a starting point and welcome further comments.

[0] https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/2

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204