[openpgp] AEAD and Rome (was: First remarks on the last I-D)

Werner Koch <wk@gnupg.org> Mon, 13 June 2022 16:50 UTC

From: Werner Koch <wk@gnupg.org>
To: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
Cc: "Robert J. Hansen" <rjh@sixdemonbag.org>, Daniel Huigens <d.huigens@protonmail.com>, openpgp@ietf.org, Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/mawKFoP3ChRH-xB7nJxOCKhAino>

On Mon, 13 Jun 2022 10:41, Daniel Huigens said:

> the way it is. So I think that while it's not ideal, having GCM
> (in addition to OCB) in the standard is better than not having it.

Fast wind back to the second AES conference in Rome in 2000.  PRZ and
Jon asked me to attend to talk about OpenPGP.  Aside from the MDC thing,
Phil's main fear was that we would add more and more algorithms to
OpenPGP.  We should limit that to help with maintenance in the years to
come.  Thus we agreed to add only new algorithms if they are technically
required but don't give more options than absolutely required.

Right, later we added Camellia and (NIST or Brainpool) for political
reasons.  But we also refused to accept all the new ideas about cool new
algorithms.  Even the Chinese and Russians didn't yet insist on having
their home ciphers added.

Aside from deprecating SHA-1 use, a modern and faster AD algorithm was the
main goal for RFC-4880bis.  The need to also add EAX was due to
uncertainty about the patent status in all application areas.  We
discussed this here and unfortunately had to do that.  However, it was
also clear that EAX won't be used in reality and added only to satisfy
the patent concerns which had bugged PGP over all the 30 years.

But: Adding GCM and having to drop a widely deployed and tested AEAD
cipher is just the opposite of the Rome agreement.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein