Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Ronald Tse <tse@ribose.com> Thu, 26 October 2017 02:03 UTC
Return-Path: <tse@ribose.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5231213ADD2 for <openpgp@ietfa.amsl.com>; Wed, 25 Oct 2017 19:03:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ribose.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 45yI4ZyW_Why for <openpgp@ietfa.amsl.com>; Wed, 25 Oct 2017 19:03:06 -0700 (PDT)
Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0072.outbound.protection.outlook.com [104.47.126.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4710F13ACE5 for <openpgp@ietf.org>; Wed, 25 Oct 2017 19:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ribose.onmicrosoft.com; s=selector1-ribose-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=d98OKToQCEBV+zbogl9jMh2sUa9DgqSkuD27dVKblvI=; b=AS1GGEtO6fn33CsjyFmIsLKIZXNCiZPrKQkG0NXtKQbRFMoQ4MDzrsl1AWoZNcBxkLV5kVMLnvlA5IirhUVS/EXmLJJrqzvjMMXG3OfS20LIXE2HiCELSYzOEHsgMFBrCmNuEcVEYnxSk03/mRzJmI4F4nbVQgNFApu6nFnvWs0=
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com (10.165.210.30) by PS1PR01MB1050.apcprd01.prod.exchangelabs.com (10.165.210.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.156.4; Thu, 26 Oct 2017 02:03:02 +0000
Received: from PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::f0e3:51e5:3abd:6c17]) by PS1PR01MB1050.apcprd01.prod.exchangelabs.com ([fe80::f0e3:51e5:3abd:6c17%14]) with mapi id 15.20.0156.007; Thu, 26 Oct 2017 02:03:02 +0000
From: Ronald Tse <tse@ribose.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Proposal to include AEAD OCB mode to 4880bis
Thread-Index: AQHTTXH5xYQNIsRUz0C1s+LLoU2hJaL1WjoAgAAH/IA=
Date: Thu, 26 Oct 2017 02:03:02 +0000
Message-ID: <07C9EFDF-C8C2-4433-A9F9-DC3D7AFD5499@ribose.com>
References: <D0505748-E376-4CF9-8906-9AD77838FB23@ribose.com> <1508981649515.71466@cs.auckland.ac.nz>
In-Reply-To: <1508981649515.71466@cs.auckland.ac.nz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tse@ribose.com;
x-originating-ip: [118.140.121.70]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; PS1PR01MB1050; 6:gwiJn3kcbzSypA8QgTAVOPL0G/r0Z2DUa8WaDrEDuX7QB0NZZ0YLqRqZdtZgVcRBCJyNQB8scF+nSKzlhmDEd/+tg8tsqWks9z8RdA+8bCP10alcGq2w8hvfJpZ0w+xeDZ5nIRQbD063W9qQoNZWP0oip/ILv+t4xZUlUZOjy30CsvqfBUITv8d5xI+/0YG+0VJDQYyK028g7xfUZzxFoUTpxY7b9l4QE24yN6iAvB/F0TohvCACRqISMYI/ggpPCCe03umgkAGsP02bZ2ndyvUqzxCrdn5vHCZ0dcGBhNVu3VIAdAKQnsWwQW1chUhVVIFipDL7YANy4ygvHkgK9g==; 5:BCuc7wF/H8rKd8igHy43FEeX8oHq9P5ehPoTlKa9U7wt7ELEsP6e+CiiHKgb/8lATPS3zeL0uxA4lbg74ZsT52KhdCm8D3/kW6Bt3uNwxR65FKjT05EXDyIXuYh2JzqG0vVlQ8QwH8MrVm7X3NrWaQ==; 24:urSm0O6ZVlf9ApxuRon6CMx3nmzvndKpyAOpWDm1T5/hpMVoL3W0Ly9BsfOiDq0OAeQUsSeVAqEMdw4DmAkVexEBkD1ET31maKOBd+GY43o=; 7:zBnqot/5jmfhDZerCNEG6uiiVia9o8pHjcj5jwXAaS/As0OPZzfCoQPEMHxGvWiCbz5i0F1gH2L5MH37YV8VXks6i+TXjRSFIY4sbWgu55xrzSL6/njZm7QPIi7VbZFpxSalSYEbtBRl7PgX332/6/6yZp44tq3UyiidgYj49sH9CbqmrrwnzZY9xNSwlbrbM0eLt+TrXwIGlDJsxjdWdKg0VeJ2eGmqsbM+qGzq4wU=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 66f87539-0643-48ca-b0e2-08d51c15b078
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4603075)(4627075)(201702281549075)(2017052603199); SRVR:PS1PR01MB1050;
x-ms-traffictypediagnostic: PS1PR01MB1050:
x-exchange-antispam-report-test: UriScan:(209352067349851);
x-microsoft-antispam-prvs: <PS1PR01MB105072898CEC3B67509C6EBED7450@PS1PR01MB1050.apcprd01.prod.exchangelabs.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231020)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(20161123560025)(2016111802025)(20161123562025)(6043046)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:PS1PR01MB1050; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:PS1PR01MB1050;
x-forefront-prvs: 04724A515E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39830400002)(346002)(376002)(24454002)(189002)(199003)(229853002)(2900100001)(478600001)(97736004)(6506006)(3846002)(6116002)(102836003)(2501003)(5250100002)(83716003)(86362001)(53936002)(54896002)(345774005)(6512007)(236005)(99286003)(6436002)(6306002)(2351001)(316002)(966005)(2906002)(50986999)(54356999)(1730700003)(81166006)(2950100002)(6916009)(33656002)(5660300001)(81156014)(8676002)(106356001)(6486002)(6246003)(76176999)(8936002)(3280700002)(14454004)(3660700001)(68736007)(7736002)(101416001)(5640700003)(82746002)(66066001)(53546010)(105586002)(25786009)(189998001)(36756003)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:PS1PR01MB1050; H:PS1PR01MB1050.apcprd01.prod.exchangelabs.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: ribose.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_07C9EFDFC8C24433A9F9DC3D7AFD5499ribosecom_"
MIME-Version: 1.0
X-OriginatorOrg: ribose.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 66f87539-0643-48ca-b0e2-08d51c15b078
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2017 02:03:02.1821 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d98a04ff-ef98-489b-b33c-13c23a2e091a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1PR01MB1050
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/l6I6d6UJX4gIIQtoSILuvTavQBQ>
Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Oct 2017 02:03:09 -0000
Hi Peter, Perhaps I could clarify that the OCB patent is limited in regional scope and does not apply outside of the US. For example, the NZ military could order a pizza using OCB. The OCB licenses provided on Rogaway’s page is very clear that open source usage, such as in OpenSSL and any products based on OpenSSL, is strictly allowed — which means that military and hardware usage of OCB through OpenSSL is already allowed. I think we are slightly confusing an optional algorithm, which OCB is proposed to be, with a mandatory one. A user should be able to specify in their preferences that they don’t accept OCB. A .mil email address will probably specify they do not want OCB in this case. Given OpenPGP is supposed to be “open”, people should be able to state their preferences as well as do what they want with it. For example, Chinese cryptography law strictly forbids AES usage in hardware. Does that mean Intel needs to drop AES-NI for chips sold in China? The answer is no. People simply don’t use it because of these regulations. This is the same with OCB — if you don’t like it, don’t want it, just don't use it. It only enables people who want it to use it. Ron _____________________________________ Ronald Tse Ribose Inc. +=========================================================+ This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. +=========================================================+ On Oct 26, 2017, at 9:34 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz<mailto:pgut001@cs.auckland.ac.nz>> wrote: Ronald Tse <tse@ribose.com<mailto:tse@ribose.com>> writes: There have been previous mentions of patent concerns, but OCB is freely licensed for open source tools and has been included in libraries like OpenSSL and Botan. It's a lot more problematic than that. While I support the OCB patent holder's stand on a moral basis, the licensing unfortunately makes it impossible to use for general software, which is a real shame because it's a very nice crypto mechanism. Examples of some general-purpose uses of crypto and how the license affects them: Banking: No, because members of the military might be customers. Email: No, because it might go to/come from a .mil address. Ordering a pizza online: No, because it might be sent to a military base. (Some of these are from actual legal analyses of the implications of using it, not just me coming up with corner cases). IDEA had the same problem, it was more or less OK to use in open-source type software, but was still sufficiently problematic that it was removed from OpenPGP. It's the same with OCB, the license terms require that you track every single use and user of the software in order to verify that the use is non-infringing. That makes it unusable for real-world purposes, i.e. where commercial entities are involved. Peter. _______________________________________________ openpgp mailing list openpgp@ietf.org<mailto:openpgp@ietf.org> https://www.ietf.org/mailman/listinfo/openpgp
- [openpgp] Proposal to include AEAD OCB mode to 48… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Peter Gutmann
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Hanno Böck
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Rick van Rein
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Gregory Maxwell
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Ronald Tse
- Re: [openpgp] Proposal to include AEAD OCB mode t… Paul Wouters
- Re: [openpgp] Proposal to include AEAD OCB mode t… Salz, Rich
- Re: [openpgp] Proposal to include AEAD OCB mode t… Werner Koch
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson
- Re: [openpgp] Proposal to include AEAD OCB mode t… Derek Atkins
- Re: [openpgp] Proposal to include AEAD OCB mode t… brian m. carlson