Re: [openpgp] OpenPGP encryption block modes (Was: The Argon2 proposal seems incomplete (Draft 6))

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 08 August 2022 17:01 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Bruce Walzer <bwalzer@59.ca>, Werner Koch <wk@gnupg.org>, Justus Winter <justus@sequoia-pgp.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fEGHjSjWDprat3191FH36t69BAI>

+1

If it wasn't for the patents issue, GCM would never have been invented. The
problem was patents, plural, not just the ones held by the OCB inventor.

GCM was created for TLS which is a Data in Motion control and has always
accepted the speed/security tradeoff of using a stream cipher. AES-GCM is a
stream cipher even though it uses a block encryption primitive.

OpenPGP is a Data at Rest control and so we have to consider the security
of the data over decades rather than days. Unless you are someone of great
importance, your TLS traffic is not going to be among the encrypted data
considered interesting enough to save. Your OpenPGP data on the other hand
is going to sit on mail servers for centuries.

So OCB as a MUST and GCM as a MAY make sense. I think it is appropriate to
push back on proposals to support GCM but in this case, there seems to be a
decent enough argument for it.



On Wed, Aug 3, 2022 at 8:33 AM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 03/08/2022 06:54, Peter Gutmann wrote:
> > there's no reason to prefer the
> > incredibly brittle and significantly less efficient GCM (or CCM) over OCB
>
> For clarity. The current draft prefers OCB by making
> it a MUST implement, over GCM which is a MAY implement.
>
> S.