Re: [openpgp] OpenPGP SEIP downgrade attack

Watson Ladd <watsonbladd@gmail.com> Thu, 08 October 2015 16:24 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A471E1A9104 for <openpgp@ietfa.amsl.com>; Thu, 8 Oct 2015 09:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RAaJTpuWFsT for <openpgp@ietfa.amsl.com>; Thu, 8 Oct 2015 09:24:00 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB9051A9118 for <openpgp@ietf.org>; Thu, 8 Oct 2015 09:23:54 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so36128660wic.1 for <openpgp@ietf.org>; Thu, 08 Oct 2015 09:23:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=N/j0Mg6Xs/3oh1jZrU8pNvspZR6rnTSHVQXFxQZnHMQ=; b=bF6W5BN6UUYTQIRjt7VPtAtklOqiFiY9bn9fhCjrbba6yxHfhTEhqT4AGxVSZX+Yd9 /EC53HXO1d0QqAQeCXuYLJJ6tZprdmGfBR6sg6r13VG19Lv+GtczZFoX5ci3qsjjqfY7 fblO2AmUtXaUbR0hjcRnXkhf5mjt2TY/vbWZRkHfjrDzX23Tdv2u+NJnWUP1ekwzHszV NS/xRiaSPXmt9EjcYokPgEJhu3G3VEwIk5CBF+hQUf8QjRKHrd/AiPbSrqWbfwu5kAII +/sCzbtpfNZx7AD3OSZKxWEYZufUBOdc8LmUU5lhK9QIuMIWae6XMGN3NInPcv97/XeY qlEw==
MIME-Version: 1.0
X-Received: by 10.194.175.232 with SMTP id cd8mr9724307wjc.45.1444321433094; Thu, 08 Oct 2015 09:23:53 -0700 (PDT)
Received: by 10.28.51.145 with HTTP; Thu, 8 Oct 2015 09:23:52 -0700 (PDT)
Received: by 10.28.51.145 with HTTP; Thu, 8 Oct 2015 09:23:52 -0700 (PDT)
In-Reply-To: <877fmx1ghi.fsf@vigenere.g10code.de>
References: <56128436.40607@assured.se> <87y4fh4210.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B28383@uxcn10-5.UoA.auckland.ac.nz> <87k2r04hak.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B2C5B4@uxcn10-5.UoA.auckland.ac.nz> <87si5m1ncm.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B2D532@uxcn10-5.UoA.auckland.ac.nz> <877fmx1ghi.fsf@vigenere.g10code.de>
Date: Thu, 8 Oct 2015 12:23:52 -0400
Message-ID: <CACsn0cnr3O3sqS2-zL0VDd1CKW0eZsp+ST-tG-sQd4SAf8zg_w@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>, "cfrg@mail.ietf.org" <cfrg@mail.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Jonas Magazinius <jonas.magazinius@assured.se>
Content-Type: multipart/alternative; boundary=089e013d1020f60e3a05219a496c
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/p6ADrMkbW0wCYQroT7jXW9IRjfs>
Subject: Re: [openpgp] OpenPGP SEIP downgrade attack
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 16:24:08 -0000

On Oct 8, 2015 12:21 PM, "Werner Koch" <wk@gnupg.org>; wrote:
>
> On Thu,  8 Oct 2015 16:59, pgut001@cs.auckland.ac.nz said:
>
> > (It's also not clear whether someone encrypting a 10k email message
with PGP
> > is going to notice it being processed at 100MB/s or 150MB/s).
>
> I heard of backups somewhat larger than that.  For mail it is anyway not a
> problem - you sign and encrypt and you are done.  Not even a need for an
> MDC.

Does this provide the right agreement semantics for both sender and
recipient? It certainly doesn't solve the security issues with CFB mode.

>
> > (I actually really like OCB and don't like GCM much, but the patent
situation
> > makes it pretty problematic).
>
> Well, for the majority of uses cases there is a gratis license grant
> from Phil Rogaway for his patents.
> Further daft-zauner-tls-aes-ocb-03.txt states:
>
>    6.  Intellectual Propery Rights Issues
>
>    Historically OCB Mode has seen difficulty with deployment and
>    standardization because of pending patents and intellectual rights
>    claims on OCB itself.  In preparation of this document all interested
>    parties have declared they will issue IPR statements exempting use of
>    OCB Mode in TLS from these claims.  Specifically - OCB Mode as
>    described in this document for use in TLS - is based, and strongly
>    influenced, by earlier work from Charanjit Jutla on [IAPM].
>
> At IETF-93 this case was mentioned and it was suggested to ask for a
> similar licenses exception [1,2] if we consider to use OCB for OpenPGP.
>
>
> Salam-Shalom,
>
>    Werner
>
>
> [1] https://datatracker.ietf.org/ipr/2647/
> [1] https://datatracker.ietf.org/ipr/2640/
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp