Re: [openpgp] First 4880bis drafts

Aaron Zauner <azet@azet.org> Wed, 04 November 2015 17:34 UTC

Return-Path: <azet@azet.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91F431A036F for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 09:34:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MbZz16Blh8wU for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 09:34:40 -0800 (PST)
Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1A031A0371 for <openpgp@ietf.org>; Wed, 4 Nov 2015 09:34:39 -0800 (PST)
Received: by widen16 with SMTP id en16so604517wid.1 for <openpgp@ietf.org>; Wed, 04 Nov 2015 09:34:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azet.org; s=gmail; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=aZ5SHCoaw3WZqyrzy4K1oa4CsrmEUMJHM3ZxOT1TXmo=; b=CO7JpJbuI6PSDeX91+gCq3qhtkF2G0rkX/MPEScwnUgyTJUgggSSHpjQYUKzd47DJu w7s70pduLSct4ZY94LdODEJmSPznaklXLiMHRsdKdPdMrtw5UTit4mNaBv9zQFOzPvyU 9W2f6xHgbFp6ABNA45VJifF/ncT+zz8PuCqE0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=aZ5SHCoaw3WZqyrzy4K1oa4CsrmEUMJHM3ZxOT1TXmo=; b=M0zoIYDW8a4OyJlXW40zPpc5RpzF4CdV/b8weAr6q7cVE6+OrktCQluX5dI19PMTj6 xofx+kEVZUw1eNYQb4QzKQxMIBibESdkguuIzYxCxFdpWLjA10tLPxUDulCeF2KAgp8y sgkn2U/SCjxCdGV0CNr3EdoJcx212gwfpLfWDe0av+04Ie1fN6dEArfZC9rmNNTRVw7c EcIP+8dVgpdCLbimKLeWepPnbvf/ClyRF91rp6ZLJXmUuEq5gXDLz9Y0dSsmf8jC6V5d 7Fn8Ops1AgJ/yGbLcxhToXEdE9fUc8spG6ws1bgbt9BlLV1ZBjeC/eB3VwSCzaNFDclf kmZw==
X-Gm-Message-State: ALoCoQkczX15+JZT2tu3PowQ0mqI4hUKZzFGHrNZoVuK2RZ6Ek+FzrSjxlE+o30fc1OqzAT3+JwX
X-Received: by 10.194.92.138 with SMTP id cm10mr3410501wjb.6.1446658478244; Wed, 04 Nov 2015 09:34:38 -0800 (PST)
Received: from typhoon.azet.org (chello080108049181.14.11.vie.surfer.at. [80.108.49.181]) by smtp.gmail.com with ESMTPSA id z4sm2635395wjz.29.2015.11.04.09.34.37 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Nov 2015 09:34:37 -0800 (PST)
Date: Wed, 4 Nov 2015 18:34:33 +0100
From: Aaron Zauner <azet@azet.org>
To: Werner Koch <wk@gnupg.org>
Message-ID: <20151104182705.86af2e43c8@baae13974eb4556>
References: <87lhaet2cq.fsf@vigenere.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO"
Content-Disposition: inline
In-Reply-To: <87lhaet2cq.fsf@vigenere.g10code.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/XSvUMvAW628bwTRIctLjUcscYk0>
Cc: openpgp@ietf.org
Subject: Re: [openpgp] First 4880bis drafts
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2015 17:34:41 -0000

* Werner Koch <wk@gnupg.org> [04/11/2015 12:51:25] wrote:
> 
>    o  Added Camellia cipher from RFC 5581.

Hrm. I'm against this. CAMELLIA is going to be deprecated in e.g.
TLS because barely anyone uses it. I'm explicitly excluding anything
other than AES128 or 256 from my GnuPG config currently, I haven't
noticed any breakage in almost a year:
https://github.com/azet/dotfiles/blob/master/.gnupg/gpg.conf

If we're all going to choose our favorite cipher, without real
arguments as to new security features or performance, we're going to
end up like this:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

The ECC addition makes sense, but I'd also limit the number of
possible curves to a few vetted ones instead of verbatim including
all those NIST curves. For example: do we want to keep P256? Or are
we going with a higher 'security level' alltogether? I consider this
cruft that should be removed. Why not just use Curve25519 and
Goldilocks?

(Again; sorry if that has already been discussed, I've been very
busy the last couple of months and didn't follow every e-mail
thread, though I tired to look these topics up by searching them)


Aaron