Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

"brian m. carlson" <> Sat, 28 October 2017 00:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6A66A13954B for <>; Fri, 27 Oct 2017 17:33:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (3072-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id w8JdDbbKWfMv for <>; Fri, 27 Oct 2017 17:33:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B83C91389E6 for <>; Fri, 27 Oct 2017 17:33:52 -0700 (PDT)
Received: from (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id BBC1F6044A; Sat, 28 Oct 2017 00:33:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=default; t=1509150831; bh=XWy0EDu+qaqPkzCL2QQ0444BpaqO5mYq8XvvxbGbjDQ=; h=Date:From:To:Cc:Subject:References:Content-Type: Content-Disposition:In-Reply-To:From:Reply-To:Subject:Date:To:CC: Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References: Content-Type:Content-Disposition; b=WcQw//vyE15V/C3g9/pGQMdPmVV4hCO8vXsAmrrtJ6gxc7h9VOJoc7gqes8vwDmHp Qgs965LpRgX5gbTHjeGRaXU5U348LOVgzVti4NEWj+wWOPsdvGXCinGJ+482NzDcEk tdDfy98NLIM5TknvvG0HBNXK3A4v9oN6/F/m0IYYuSl5jYUx8DLnF+s8jedwNQpBAX 8B02NNdoIm2WilxNUKrthk1lVnRrmzo9s01+GF/Fi9q+gYR6MjQmmP5pacnNkP40XZ q2sMV9bgjdvHtGvwU3iKMNfYXXpIVrWsMBMKr6y2B56GMSE+S/kpeqiFA0xpwiWnPV G0EVXarfKyXbS6M1nwIMAPZvFDD4mZHn8bKxHYdxTBERcZb3/ZXgUN4hJUZnUaiEJ6 4gw3BIsCOsW+ShoO6Pnrv3lyDOnCIF1tf6stBWw22mKWQGiGeDxnipAAr6QZhx7Y8V /rnz81oAFpe1+NSXSShwPk5WlXyDNoeRVrIcRGQ0+zWHVFwRDwf
Date: Sat, 28 Oct 2017 00:33:46 +0000
From: "brian m. carlson" <>
To: Ronald Tse <>
Cc: "" <>
Message-ID: <>
References: <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jgskmus6tj5kniir"
Content-Disposition: inline
In-Reply-To: <>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.13.0-1-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
X-Scanned-By: MIMEDefang 2.79 on
Archived-At: <>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 28 Oct 2017 00:33:54 -0000

On Fri, Oct 27, 2017 at 10:12:51AM +0000, Ronald Tse wrote:
> 3. The misunderstanding that OpenPGP implementers will not implement OCB due to IPR disclosures.

This has nothing to do with whether implementers will implement it.
This has to do with whether users will be willing to use a spec or
implementation that has patent concerns associated with it.

> Werner of GnuPG, has already indicated support to OCB on multiple
> occasions. Our own open-source OpenPGP implementation, RNP, will
> implement OCB. Anyone that uses popular cryptographic libraries like
> OpenSSL and Botan can already implement this and is covered by the
> licenses.

GnuPG relies on libgcrypt for cryptographic functionality.  On Debian,
libgcrypt is linked into Xorg, which is often linked to proprietary
software such as graphics drivers.  Since Debian cannot avail itself of
license 2 (because restrictions on military use are unacceptable) and
license 1 prohibits uses with proprietary software, Debian's GnuPG is
unlikely to have support for OCB unless Debian ships two separate copies
of libgcrypt.  For the same reason, Ubuntu is also likely to have the
same policy.

I've filed a bug with Debian to bring this to their attention.

These are the kind of practical reasons that patented software is
problematic and should not be a part of any specifications.  I don't
believe there's a consensus on adding this, since the groups seem at
best evenly split.  Previous opinions in the working group were mostly

I remain wholly opposed to including OCB in the OpenPGP specification,
and if this specification should make it to last call with OCB included,
I will oppose it on those grounds.
brian m. carlson / brian with sandals: Houston, Texas, US | My opinion only