Re: [openpgp] OpenPGP encryption block modes

Werner Koch <wk@gnupg.org> Wed, 17 August 2022 08:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_qvSlqB1DJeDELd6NPR2wU2Sv9E>

On Mon, 15 Aug 2022 09:35, Bruce Walzer said:

> * Up to 3 more block cipher modes for a total of 5.

No.  There shall only be two:

 - CFB+MDC. Which has been deployed since summer 2000 (actually 7 years
   before it was formally specified in 4880)

 - OCB.  Widely available and interop tested since January 2018.

EAX can be dropped because we don't have any patent problems anymore.

CFB-without-MDC may be implemented to allow decryption of old data (gpg
hides this behind the option --ignore-mdc-error).

> * A chunking system that goes on top of cipher blocking and the packet
>   extension blocking to bring the blocking to 3 deep.

This is part of our original OCB specification in
draft-ietf-openpgp-rfc4880bis-03 (December 2017).

> * A whole new preference system for block cipher modes that goes on
>   top of the existing preference for the block encryption mode.

Also part of the above specification.  It is actually pretty simple to
add this, given that we already have preferences for compression,
cipher, and hash algorithms.  It could be simplified now that EAX is no
longer needed. But the existing preference system has been proved to
work very well for introducing new algorithms.

> BTW, why was increased performance for the block cipher mode included

Performance was not a primary goal or at least the original 4880bis
charter - just to have a modern well analyzed AEAD algorithm.  And not
all the second system effect stuff the DT recently introduced.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein