IETF Logo Mail Archive

Re: [openpgp] First remarks on the last I-D

Jon Callas <joncallas@icloud.com> Wed, 08 June 2022 17:47 UTC

Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DD19C14CF1F for <openpgp@ietfa.amsl.com>; Wed, 8 Jun 2022 10:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jydT_UDOJ1OT for <openpgp@ietfa.amsl.com>; Wed, 8 Jun 2022 10:47:44 -0700 (PDT)
Received: from mr85p00im-zteg06021501.me.com (mr85p00im-zteg06021501.me.com [17.58.23.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A656C15AACA for <openpgp@ietf.org>; Wed, 8 Jun 2022 10:47:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1654710451; bh=HZM5LaykPLW2+hYmL5liNU0f4jDrurg5+EjdQmvOaVI=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=HoqsCxNoMc8DcuZUlX1ne5BuEhXlcUXizW8K5C3hONGs4Ldw9/sx641uf6bX4QTTz /Mcqowcsd5dlmWzkvmxfOMVecu9TzKOWq8yLdfQmyOTbh2a1Dmj70AFzp7hwkEH8L8 ACSLuMkd0NDQ8MVBKpw+7hvUzKgRyxGy0A/1aIiHUssmCco5+qoQxoWkzE5i4fzUxM WomJDOKvAXhrKuQ3FsugV2HHBAzdl2wTrwqG9J2xyXNNVo0QEjh0pE9r9KWMqGhtFc K6dBLhmY1ny1mIrBaVkiJCCsjjOrvW83AaKSq8O/iUiC8IjfzNx6cUubkuM5v0savL efmYYm5/9K8TQ==
Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-zteg06021501.me.com (Postfix) with ESMTPSA id CC2E2279411A; Wed, 8 Jun 2022 17:47:30 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <18396bf2-5319-87c3-095e-f804632618f2@cs.tcd.ie>
Date: Wed, 08 Jun 2022 10:47:29 -0700
Cc: Jon Callas <joncallas@icloud.com>, Paul Wouters <paul@nohats.ca>, Ronald Tse <tse=40ribose.com@dmarc.ietf.org>, openpgp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <5100C338-C6DC-4BB1-86A4-DAC353AA82CC@icloud.com>
References: <BB9D0AB9-CC8C-420E-8082-E9F64B09BF46@ribose.com> <790E2D75-3B92-4322-A72A-DC8ABED899BF@nohats.ca> <87czfji7w1.fsf@wheatstone.g10code.de> <18396bf2-5319-87c3-095e-f804632618f2@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3696.100.31)
X-Proofpoint-ORIG-GUID: 4-ILzwsFJdDrl5vAAqxshjArpNUxmC7q
X-Proofpoint-GUID: 4-ILzwsFJdDrl5vAAqxshjArpNUxmC7q
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.1.170-22c6f66c430a71ce266a39bfe25bc2903e8d5c8f:6.0.138,18.0.572,17.11.62.513.0000000 definitions=2020-02-14_11:2020-02-14_02,2020-02-14_11,2021-12-02_01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 spamscore=0 clxscore=1011 mlxlogscore=999 adultscore=0 phishscore=0 suspectscore=0 mlxscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2206080071
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nJhoWNZFeVHcoknyoURUQndLhBY>
Subject: Re: [openpgp] First remarks on the last I-D
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2022 17:47:45 -0000


> On Jun 8, 2022, at 07:08, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> FWIW, my reading of the charter is that inclusion of gcm,
> if that's what the WG want, would be allowed by our charter.
> It doesn't matter so much what motivates people to want that
> (for those that do), but FIPS compliance isn't at all an
> unusual requirement for some implementers and is a reasonable
> motivation to provide if one is arguing for inclusion of gcm.
> (It's not a "winning" argument for me, but is reasonable.)
> To be clear, our charter does not require us to aim for FIPS
> compliance but I don't think anyone's made that argument.
> 
> IOW, I don't think charter text decides this topic for us.

Stephen,

I agree with the basics of what you're saying, that FIPS compliance is something that people want and often need.

However, GCM mode is not required for FIPS. It is neither necessary nor sufficient. PGP was the very first software-only FIPS 140 module, over twenty years ago. If someone is claiming that they need GCM mode for FIPS, they're mistaken. 

And for what it's worth, I'm also against using GCM mode for storage encryption in particular, and thus in OpenPGP. 

	Jon

v2.23.0 | Report a Bug | By Email