Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

Ronald Tse <> Thu, 26 October 2017 02:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5231213ADD2 for <>; Wed, 25 Oct 2017 19:03:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 45yI4ZyW_Why for <>; Wed, 25 Oct 2017 19:03:06 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4710F13ACE5 for <>; Wed, 25 Oct 2017 19:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-ribose-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=d98OKToQCEBV+zbogl9jMh2sUa9DgqSkuD27dVKblvI=; b=AS1GGEtO6fn33CsjyFmIsLKIZXNCiZPrKQkG0NXtKQbRFMoQ4MDzrsl1AWoZNcBxkLV5kVMLnvlA5IirhUVS/EXmLJJrqzvjMMXG3OfS20LIXE2HiCELSYzOEHsgMFBrCmNuEcVEYnxSk03/mRzJmI4F4nbVQgNFApu6nFnvWs0=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id; Thu, 26 Oct 2017 02:03:02 +0000
Received: from ([fe80::f0e3:51e5:3abd:6c17]) by ([fe80::f0e3:51e5:3abd:6c17%14]) with mapi id 15.20.0156.007; Thu, 26 Oct 2017 02:03:02 +0000
From: Ronald Tse <>
To: "" <>
Thread-Topic: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Thread-Index: AQHTTXH5xYQNIsRUz0C1s+LLoU2hJaL1WjoAgAAH/IA=
Date: Thu, 26 Oct 2017 02:03:02 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; PS1PR01MB1050; 6:gwiJn3kcbzSypA8QgTAVOPL0G/r0Z2DUa8WaDrEDuX7QB0NZZ0YLqRqZdtZgVcRBCJyNQB8scF+nSKzlhmDEd/+tg8tsqWks9z8RdA+8bCP10alcGq2w8hvfJpZ0w+xeDZ5nIRQbD063W9qQoNZWP0oip/ILv+t4xZUlUZOjy30CsvqfBUITv8d5xI+/0YG+0VJDQYyK028g7xfUZzxFoUTpxY7b9l4QE24yN6iAvB/F0TohvCACRqISMYI/ggpPCCe03umgkAGsP02bZ2ndyvUqzxCrdn5vHCZ0dcGBhNVu3VIAdAKQnsWwQW1chUhVVIFipDL7YANy4ygvHkgK9g==; 5:BCuc7wF/H8rKd8igHy43FEeX8oHq9P5ehPoTlKa9U7wt7ELEsP6e+CiiHKgb/8lATPS3zeL0uxA4lbg74ZsT52KhdCm8D3/kW6Bt3uNwxR65FKjT05EXDyIXuYh2JzqG0vVlQ8QwH8MrVm7X3NrWaQ==; 24:urSm0O6ZVlf9ApxuRon6CMx3nmzvndKpyAOpWDm1T5/hpMVoL3W0Ly9BsfOiDq0OAeQUsSeVAqEMdw4DmAkVexEBkD1ET31maKOBd+GY43o=; 7:zBnqot/5jmfhDZerCNEG6uiiVia9o8pHjcj5jwXAaS/As0OPZzfCoQPEMHxGvWiCbz5i0F1gH2L5MH37YV8VXks6i+TXjRSFIY4sbWgu55xrzSL6/njZm7QPIi7VbZFpxSalSYEbtBRl7PgX332/6/6yZp44tq3UyiidgYj49sH9CbqmrrwnzZY9xNSwlbrbM0eLt+TrXwIGlDJsxjdWdKg0VeJ2eGmqsbM+qGzq4wU=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 66f87539-0643-48ca-b0e2-08d51c15b078
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4603075)(4627075)(201702281549075)(2017052603199); SRVR:PS1PR01MB1050;
x-ms-traffictypediagnostic: PS1PR01MB1050:
x-exchange-antispam-report-test: UriScan:(209352067349851);
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231020)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(20161123560025)(2016111802025)(20161123562025)(6043046)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:PS1PR01MB1050; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:PS1PR01MB1050;
x-forefront-prvs: 04724A515E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39830400002)(346002)(376002)(24454002)(189002)(199003)(229853002)(2900100001)(478600001)(97736004)(6506006)(3846002)(6116002)(102836003)(2501003)(5250100002)(83716003)(86362001)(53936002)(54896002)(345774005)(6512007)(236005)(99286003)(6436002)(6306002)(2351001)(316002)(966005)(2906002)(50986999)(54356999)(1730700003)(81166006)(2950100002)(6916009)(33656002)(5660300001)(81156014)(8676002)(106356001)(6486002)(6246003)(76176999)(8936002)(3280700002)(14454004)(3660700001)(68736007)(7736002)(101416001)(5640700003)(82746002)(66066001)(53546010)(105586002)(25786009)(189998001)(36756003)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:PS1PR01MB1050;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_07C9EFDFC8C24433A9F9DC3D7AFD5499ribosecom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 66f87539-0643-48ca-b0e2-08d51c15b078
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2017 02:03:02.1821 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1PR01MB1050
Archived-At: <>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Oct 2017 02:03:09 -0000

Hi Peter,

Perhaps I could clarify that the OCB patent is limited in regional scope and does not apply outside of the US. For example, the NZ military could order a pizza using OCB.

The OCB licenses provided on Rogaway’s page is very clear that open source usage, such as in OpenSSL and any products based on OpenSSL, is strictly allowed — which means that military and hardware usage of OCB through OpenSSL is already allowed.

I think we are slightly confusing an optional algorithm, which OCB is proposed to be, with a mandatory one. A user should be able to specify in their preferences that they don’t accept OCB. A .mil email address will probably specify they do not want OCB in this case.

Given OpenPGP is supposed to be “open”, people should be able to state their preferences as well as do what they want with it.

For example, Chinese cryptography law strictly forbids AES usage in hardware. Does that mean Intel needs to drop AES-NI for chips sold in China? The answer is no. People simply don’t use it because of these regulations.

This is the same with OCB — if you don’t like it, don’t want it, just don't use it. It only enables people who want it to use it.



Ronald Tse
Ribose Inc.

This message may contain confidential and/or privileged
information.  If you are not the addressee or authorized to
receive this for the addressee, you must not use, copy,
disclose or take any action based on this message or any
information herein.  If you have received this message in
error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.

On Oct 26, 2017, at 9:34 AM, Peter Gutmann <<>> wrote:

Ronald Tse <<>> writes:

There have been previous mentions of patent concerns, but OCB is freely
licensed for open source tools and has been included in libraries like
OpenSSL and Botan.

It's a lot more problematic than that.  While I support the OCB patent
holder's stand on a moral basis, the licensing unfortunately makes it
impossible to use for general software, which is a real shame because it's a
very nice crypto mechanism.  Examples of some general-purpose uses of crypto
and how the license affects them:

Banking: No, because members of the military might be customers.

Email: No, because it might go to/come from a .mil address.

Ordering a pizza online: No, because it might be sent to a military base.

(Some of these are from actual legal analyses of the implications of using it,
not just me coming up with corner cases).

IDEA had the same problem, it was more or less OK to use in open-source type
software, but was still sufficiently problematic that it was removed from
OpenPGP.  It's the same with OCB, the license terms require that you track
every single use and user of the software in order to verify that the use is
non-infringing.  That makes it unusable for real-world purposes, i.e. where
commercial entities are involved.


openpgp mailing list<>