Re: [openpgp] First remarks on the last I-D (Was: I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt)

"brian m. carlson" <sandals@crustytoothpaste.net> Wed, 08 June 2022 00:32 UTC

Date: Wed, 08 Jun 2022 00:31:56 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <Yp/t/PlF55TUnpQN@camp.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lrEfGX08hIW8U4ZaLt6U8nEdipU>

On 2022-06-07 at 13:24:15, Justus Winter wrote:
> Paul Wouters <paul@nohats.ca> writes:
> 
> > On Tue, 7 Jun 2022, Werner Koch wrote:
> >
> >>   The WG once decided to go with EAX and OCB.  EAX was only added to
> >>   avoid possible patent problems.  However, in the 4.5 years since the
> >>   introduction of EAX the patent thing has expired, was invalidated and
> >>   before the new mode will be a MUST algorithm in a future OpenPGP
> >>   RFC (not in 4880bis), there will definitely be no more problem at all
> >>   with OCB.  I bet that by then an updated FIPS-140 will even allow
> >>   OCB.
> >
> > If we have more indication than only your bet, that might be a persuasive
> > argument. But right now, GCM is the only FIPS compatible method. So I
> > think removing that would be problematic.
> 
> We have customers that care about FIPS, and we need a FIPS-compatible
> subset of OpenPGP now, rather than wait and hope that some existing
> algorithm like OCB will become FIPS-compliant in the future.

I agree that OCB is the most desirable option now that the patent has
expired but that we should have FIPS-compatible options as well.  My
position is that FIPS-compatible crypto is usually a mistake, since it
prevents using fast, secure cryptography, but I also know that if we
don't have something FIPS compatible, then we'll end up with government
agencies and contractors using the older non-AEAD schemes, which is
substantially worse from a security perspective.  GCM can be optional
and nobody has to implement it.

I also think binding to the scheme is good and we should keep that.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA