Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Paul Wouters <paul@nohats.ca> Wed, 25 October 2017 16:27 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0AAB138AED for <openpgp@ietfa.amsl.com>; Wed, 25 Oct 2017 09:27:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vB9324rsLNEn for <openpgp@ietfa.amsl.com>; Wed, 25 Oct 2017 09:27:38 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21F3F13F41F for <openpgp@ietf.org>; Wed, 25 Oct 2017 09:27:38 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3yMbCB43yTz3JW; Wed, 25 Oct 2017 18:27:34 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1508948854; bh=Y3yuhedaWbL7EFtzID8ac6Q/nae41LfxLRnCIXq91FM=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=jxeEQRkBZKEpwQTe6W045A/t1tnXvzNMNOUKQiJlIYn+Vdt6NbuM+haqJNienqq9P gA0mpYlMP4ebBgGbBqC5l7NXdgmjXm5e1y674QtxobOysgTXQmU5EJf2d9d6AKx+jw HvGVVq7lK59fjM0QARstWwTyZsGoOwkH3RJ1xPx0=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 9YVgowsZmAkp; Wed, 25 Oct 2017 18:27:32 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 25 Oct 2017 18:27:31 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id B987E62D29; Wed, 25 Oct 2017 12:27:30 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca B987E62D29
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id A3F5240D35AF; Wed, 25 Oct 2017 12:27:30 -0400 (EDT)
Date: Wed, 25 Oct 2017 12:27:30 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Ronald Tse <tse@ribose.com>
cc: "openpgp@ietf.org" <openpgp@ietf.org>
In-Reply-To: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com>
Message-ID: <alpine.LRH.2.21.1710251219190.18006@bofh.nohats.ca>
References: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/bBL38EN7t3nZ0QjmtAiJxBdKSmA>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2017 16:27:41 -0000

On Wed, 25 Oct 2017, Ronald Tse wrote:

> Since bis-02 now formally defines the AEAD packet and an AEAD algorithm registry, I’d like to bring up the topic again of
> adding OCB to the draft given its clear benefits. There have been previous mentions of patent concerns, but OCB is freely
> licensed for open source tools and has been included in libraries like OpenSSL and Botan.

What is the advantage of adding more and more algorithms and variants?

If OCB is clearly a winner over another algorithm candidate to be added,
is the inferior other candidate removed?

Adding algorithms is easy. Removing them is hard. That should raise the
bar for adding new ones.

Paul