[openpgp] AEAD and Rome (was: First remarks on the last I-D)
Werner Koch <wk@gnupg.org> Mon, 13 June 2022 16:50 UTC
From: Werner Koch <wk@gnupg.org>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
Cc: "Robert J. Hansen" <rjh@sixdemonbag.org>, Daniel Huigens <d.huigens@protonmail.com>, openpgp@ietf.org, Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>
Date: Mon, 13 Jun 2022 18:49:52 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/mawKFoP3ChRH-xB7nJxOCKhAino>
On Mon, 13 Jun 2022 10:41, Daniel Huigens said:

> the way it is. So I think that while it's not ideal, having GCM
> (in addition to OCB) in the standard is better than not having it.

Fast wind back to the second AES conference in Rome in 2000. PRZ and Jon asked me to attend to talk about OpenPGP. Aside from the MDC thing, Phil's main fear was that we would add more and more algorithms to OpenPGP. We should limit that to help with maintenance in the years to come. Thus we agreed to add only new algorithms if they are technically required but don't give more options than absolutely required.

Right, later we added Camellia and (NIST or Brainpool) for political reasons. But we also refused to accept all the new ideas about cool new algorithms. Even the Chinese and Russians didn't yet insist on having their home ciphers added.

Aside from deprecating SHA-1 use, a modern and faster AD algorithm was the main goal for RFC-4880bis. The need to also add EAX was due to uncertainty about the patent status in all application areas. We discussed this here and unfortunately had to do that. However, it was also clear that EAX won't be used in reality and added only to satisfy the patent concerns which had bugged PGP over all the 30 years.

But: Adding GCM and having to drop a widely deployed and tested AEAD cipher is just the opposite of the Rome agreement.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein