Re: [openpgp] AEAD and Rome (was: First remarks on the last I-D)
Daniel Huigens <d.huigens@protonmail.com> Mon, 13 June 2022 18:20 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BA83C15AAEE for <openpgp@ietfa.amsl.com>; Mon, 13 Jun 2022 11:20:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.11
X-Spam-Level:
X-Spam-Status: No, score=-7.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0d_UpZg_yuD for <openpgp@ietfa.amsl.com>; Mon, 13 Jun 2022 11:20:07 -0700 (PDT)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29722C14F74C for <openpgp@ietf.org>; Mon, 13 Jun 2022 11:20:07 -0700 (PDT)
Date: Mon, 13 Jun 2022 18:19:58 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1655144405; x=1655403605; bh=aQivP+qEB1hQzOYelmUMQsi6wlvqmIGgh4WE/L+XPqY=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=hexEhzOyFspS8oLmyO6wgyeDyW9GUJdEGgbMw2Hh2kQYI2b3C0lTvTfQh8j60FuLL UpCdzeotkqb4J6u4dWwzY/66+RgVDVZNzyxNlyhUsa6KYi14SMbjD0sRZnbZWtAybx L0vR2ae8jPYZSPq7tdJ4Q+zQnKuLNqVGTmx8mFCd/yssxNMdPQBmutq1Z5Q1WzZaMZ 8TxCgvdzxsVNfyFib4cBNaycYggiEkicpAMMZEdMSdQFwfffcIgoxF7PRbS/bGTBs2 HwyxBD5HqFfDUtQ0MMYqW/PT0F6BlDvserypGNN4HSM6E/E7me7gwrJE4KDiv0/0we a9p6lGsg2BYiw==
To: Werner Koch <wk@gnupg.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org, Jon Callas <joncallas=40icloud.com@dmarc.ietf.org>
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <mAnMlR7HNIXC0Mzquewg8bVEHE9cqSkScWwn7zNyD0GBWXzr6CFS858ENPS6fPzVV7TyIbkOhgiG75aVKSuw2EBeCc_SDYpaG5IIzmDGemQ=@protonmail.com>
In-Reply-To: <87y1y0bj9r.fsf_-_@wheatstone.g10code.de>
References: <BB9D0AB9-CC8C-420E-8082-E9F64B09BF46@ribose.com> <7547a547-bb71-2bdd-f85e-91d46476bc6@nohats.ca> <54B2F360-C996-4A5D-BE3D-6EA405406C68@icloud.com> <YqPEw8OIlf0PG40T@camp.crustytoothpaste.net> <25c3a7b5-07ef-1521-1a14-43ef0c7b4043@cs.tcd.ie> <SY4PR01MB6251D365368552630ECCD720EEA99@SY4PR01MB6251.ausprd01.prod.outlook.com> <4dd0ad8b-9de7-15e6-a9ef-e0401acd69f8@sixdemonbag.org> <p_7pskU0MxbpIjGwmAUTMmFsJxjA8QRQCGDbCfrYQTSXocrlDUFDdNuHXChjBwy3RAc2eA_mRIyGFDWD6u5peNNL_F9I3yUYXAa5Khy5XqE=@protonmail.com> <87y1y0bj9r.fsf_-_@wheatstone.g10code.de>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/o6GAvsq5aYw4kvBIBsol4VX0D3w>
Subject: Re: [openpgp] AEAD and Rome (was: First remarks on the last I-D)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2022 18:20:11 -0000
Yeah. In general I agree with this goal. We haven't implemented Camellia, and to be honest, I'd love to get rid of the NIST and Brainpool curves, and keep only the CFRG curves. (As I said before I personally don't care much about FIPS compliance in general, though I know some people do.) I also wouldn't be opposed to removing EAX, I agree it's no longer really necessary. Relative to those, adding GCM adds less code and maintenance burden for us, as it's already included in the underlying crypto libraries. However, I can definitely sympathize if it adds a burden for others. I certainly wouldn't make GCM mandatory to implement. That way, only those who want to implement it can, and if it's not included in the algorithm preferences, nobody will send GCM encrypted messages to that key; and the implementation can use MTI algorithms instead. This is in contrast to public-key algorithms, where if anybody publishes a key using a given algorithm, there's no option to fall back to a MTI algorithm. Thus I think we should be more restrictive about adding public-key algorithms (and curves) than symmetric-key algorithms. However, if the general goal is to have as few algorithms as possible, I also wouldn't be entirely opposed to having only OCB. But then I would simplify the entire AEAD system and just hardcode OCB, and if we ever think that might be(come) no longer sufficiently secure, we can just define a new packet version. That would be a large overhaul, though, so I'm not sure if that's worth it at this point. And presumably the people that care about FIPS compliance would object to that. Best, Daniel
- [openpgp] I-D Action: draft-ietf-openpgp-crypto-r… internet-drafts
- Re: [openpgp] I-D Action: draft-ietf-openpgp-cryp… Paul Wouters
- [openpgp] First remarks on the last I-D (Was: I-D… Werner Koch
- Re: [openpgp] First remarks on the last I-D (Was:… Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… Justus Winter
- Re: [openpgp] First remarks on the last I-D (Was:… Stephen Farrell
- Re: [openpgp] First remarks on the last I-D (Was:… Daniel Huigens
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Ronald Tse
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D (Was:… brian m. carlson
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Werner Koch
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Paul Wouters
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D brian m. carlson
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Peter Gutmann
- Re: [openpgp] First remarks on the last I-D Stephen Farrell
- Re: [openpgp] First remarks on the last I-D Paul Schaub
- Re: [openpgp] First remarks on the last I-D Jon Callas
- Re: [openpgp] First remarks on the last I-D Robert J. Hansen
- Re: [openpgp] First remarks on the last I-D Daniel Huigens
- [openpgp] AEAD and Rome (was: First remarks on th… Werner Koch
- Re: [openpgp] AEAD and Rome (was: First remarks o… Daniel Huigens
- [openpgp] Choices for AEAD modes [was: AEAD and R… Daniel Kahn Gillmor
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Justus Winter
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Paul Wouters
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… brian m. carlson
- Re: [openpgp] Choices for AEAD modes Ronald Tse
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Werner Koch
- Re: [openpgp] Choices for AEAD modes [was: AEAD a… Stephen Farrell
- Re: [openpgp] Choices for AEAD modes Werner Koch
- Re: [openpgp] Choices for AEAD modes Stephen Farrell