Re: [openpgp] First 4880bis drafts

"brian m. carlson" <> Thu, 05 November 2015 01:30 UTC

On Wed, Nov 04, 2015 at 06:34:33PM +0100, Aaron Zauner wrote:
> * Werner Koch <> [04/11/2015 12:51:25] wrote:
> > 
> >    o  Added Camellia cipher from RFC 5581.
> Hrm. I'm against this. CAMELLIA is going to be deprecated in e.g.
> TLS because barely anyone uses it. I'm explicitly excluding anything
> other than AES128 or 256 from my GnuPG config currently, I haven't
> noticed any breakage in almost a year:

As Werner pointed out, Camellia has been around for some time.  It's
also good to have enough diversity that if someone comes out with a
major attack against AES, we're not totally sunk.  Camellia is a Feistel
cipher, while AES is a substitution-permutation network, which means
that attacks are unlikely to work against both.

Currently, if AES were to be broken, TLS implementations would not
interoperate at a 128-bit or higher security level.  OpenPGP would
continue to function without much thought, which is a major asset.

I'm for deprecating algorithms which provide less than a 128-bit
security level, such as SHA-1 and 3DES.

> The ECC addition makes sense, but I'd also limit the number of
> possible curves to a few vetted ones instead of verbatim including
> all those NIST curves. For example: do we want to keep P256? Or are
> we going with a higher 'security level' altogether? I consider this
> cruft that should be removed. Why not just use Curve25519 and
> Goldilocks?

I believe Google's End-to-End is using the NIST curves, and there are
already keys using these curves.  I think Curve25519 and Goldilocks
would be valuable due to their rigidity and the CFRG endorsement.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
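
Added example, not part of the original message and not taken from any OpenPGP implementation: a sketch of choosing a symmetric cipher from recipient preference lists, showing what a sender can still negotiate once AES is distrusted. The algorithm IDs are those of RFC 4880 and RFC 5581; the preference lists and the "first recipient's order" selection strategy are assumptions constructed for illustration.

```python
# Symmetric algorithm IDs from RFC 4880 section 9.2 and RFC 5581,
# mapped to (name, approximate security level in bits).
SYM_ALGOS = {
    2: ("3DES", 112),  # effective strength, not key length
    7: ("AES128", 128),
    8: ("AES192", 192),
    9: ("AES256", 256),
    11: ("CAMELLIA128", 128),
    12: ("CAMELLIA192", 192),
    13: ("CAMELLIA256", 256),
}
TRIPLE_DES = 2  # RFC 4880 must-implement: tacitly at the end of every list
AES = frozenset({7, 8, 9})


def choose_cipher(recipient_prefs, supported, distrusted=frozenset()):
    """Return the algorithm ID to use for a message to all recipients.

    recipient_prefs: one ordered preference list per recipient key
    supported:       IDs the sender implements
    distrusted:      IDs the sender refuses, e.g. after a published break
    Strategy (an assumption, the RFC leaves it open): walk the first
    recipient's order and take the first ID every recipient accepts.
    """
    lists = [list(p) + ([] if TRIPLE_DES in p else [TRIPLE_DES])
             for p in recipient_prefs]
    common = set(lists[0]).intersection(*lists[1:])
    usable = (common & (set(supported) | {TRIPLE_DES})) - set(distrusted)
    for algo in lists[0]:
        if algo in usable:
            return algo
    raise ValueError("no mutually acceptable cipher")


def security_bits(algo):
    return SYM_ALGOS[algo][1]


# Constructed preference lists (not taken from real keys).
ALICE = [9, 8, 7, 13, 12, 11, 2]   # AES first, Camellia as second family
BOB = [9, 7, 13, 11]               # same idea, shorter list
AES_ONLY = [9, 7]                  # a key restricted to AES128/AES256

if __name__ == "__main__":
    for label, prefs in (("diverse", [ALICE, BOB]), ("AES-only", [ALICE, AES_ONLY])):
        for distrusted in (frozenset(), AES):
            algo = choose_cipher(prefs, SYM_ALGOS, distrusted)
            state = "AES distrusted" if distrusted else "AES trusted"
            print(f"{label:9} {state:15} -> {SYM_ALGOS[algo][0]} "
                  f"({security_bits(algo)}-bit level)")
```

With a recipient whose preferences list only AES, distrusting AES leaves just the implicit 3DES fallback, which sits below the 128-bit level; with Camellia in both lists the choice stays at 128 bits or more.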