Re: [openpgp] OpenPGP encryption block modes
Werner Koch <wk@gnupg.org> Wed, 17 August 2022 08:52 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 059DCC14CF17 for <openpgp@ietfa.amsl.com>; Wed, 17 Aug 2022 01:52:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9gwXX1816gU for <openpgp@ietfa.amsl.com>; Wed, 17 Aug 2022 01:52:09 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B7EFC14F746 for <openpgp@ietf.org>; Wed, 17 Aug 2022 01:52:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=698rB4Zhx+KkY7fgsLgEIwNorSCWITUVdeH/oswDuzQ=; b=SLzIeXxIoUrkhbLouj7GHv9pVc uFLFN4jvjVsHR2ZsgJviFGnSfptP2QPVN98GDqtFSSUIG3/F0lPpYHYdlwK2f6t2DGSvsDQzoz53g qeGLoscmoKfBFtRJzy0PTpS+eaUZGd4mTLN1s24i+x880tfFwAgGoTL4WAsQR4aNyIS4=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1oOEmV-00079x-ES for <openpgp@ietf.org>; Wed, 17 Aug 2022 10:52:07 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.92 #5 (Debian)) id 1oOEkt-0006CI-I0; Wed, 17 Aug 2022 10:50:27 +0200
From: Werner Koch <wk@gnupg.org>
To: Bruce Walzer <bwalzer@59.ca>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
References: <87bktajjvq.fsf@thinkbox> <YuKpxp0/Dy1DfC19@watt.59.ca> <875yjhjg2c.fsf@thinkbox> <87r124m64c.fsf@wheatstone.g10code.de> <YulX9jI1+wOCwLJq@ohm.59.ca> <Q6EUpbQm0e5f1OiU-77Old9p9FXyLCaFZ8pMm7PTt8VTLQJaXRQzWIDSwc3db6yI-56imyOaTNdt9TC8Zrm1jN_kPKxFYH4OqEu6o-Wfquo=@protonmail.com> <YuvlHdLz0Sfle7Ot@ohm.59.ca> <87a68ji1bv.fsf@wheatstone.g10code.de> <YvPGY8ArcKD7Hr1p@watt.59.ca> <YvQoC1g5rzKCfCVp@tapette.crustytoothpaste.net> <YvpZlQzW1yEOrqzq@ohm.59.ca>
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: Bruce Walzer <bwalzer@59.ca>, "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Wed, 17 Aug 2022 10:50:20 +0200
In-Reply-To: <YvpZlQzW1yEOrqzq@ohm.59.ca> (Bruce Walzer's message of "Mon, 15 Aug 2022 09:35:01 -0500")
Message-ID: <874jybmeyb.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Trump_ASPIC_replay_Hazardous_material_incident_Semtex_SUSLO_NWO=Sina"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_qvSlqB1DJeDELd6NPR2wU2Sv9E>
Subject: Re: [openpgp] OpenPGP encryption block modes
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2022 08:52:14 -0000
On Mon, 15 Aug 2022 09:35, Bruce Walzer said: > * Up to 3 more block cipher modes for a total of 5. No. There shall only be two: - CFB+MDC. Which has been deployed since summer 2000 (actually 7 years before it has been formally specified in 4880) - OCB. Widely available and interop tested since January 2018. EAX can be dropped because we don't have any patent problems anymore. CFB-without-MDC may be implemented to allow decryption of old data (gpg hides this behind the option --ignore-mdc-error) > * A chunking system that goes on top of cipher blocking and the packet > extension blocking to bring the blocking to 3 deep. This is part of our the original OCB specification in draft-ietf-openpgp-rfc4880bis-03 (December 2017) > * A whole new preference system for block cipher modes that goes on > top of the existing preference for the block encryption mode. Also part of the above specification. It is actually pretty simple to add this, given that we already have preferences for compression, cipher, and hash algorithms. It could be simplified now that EAX is not anymore needed. But the existing preference system has been proved to work very well for introducing new algorithms. > BTW, why was increased performance for the block cipher mode included Performance was not a primary goal or at least the original 4880bis charter - just to have a modern well analyzed AEAD algorithm. And not all the second system effect stuff the DT recently introduced. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
- [openpgp] The Argon2 proposal seems incomplete (D… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Werner Koch
- Re: [openpgp] The Argon2 proposal seems incomplet… Paul Wouters
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… brian m. carlson
- Re: [openpgp] The Argon2 proposal seems incomplet… Stephen Farrell
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- [openpgp] OpenPGP encryption block modes (Was: Th… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Benjamin Kaduk
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes (Was… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Ángel
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Kahn Gillmor