Re: [openpgp] First 4880bis drafts

"brian m. carlson" <sandals@crustytoothpaste.net> Thu, 05 November 2015 01:30 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DBBB1A870A for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 17:30:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_12=0.6, SPF_FAIL=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6J5dYqonuaKb for <openpgp@ietfa.amsl.com>; Wed, 4 Nov 2015 17:30:56 -0800 (PST)
Received: from castro.crustytoothpaste.net (sandals-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:79::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E79261B35A8 for <openpgp@ietf.org>; Wed, 4 Nov 2015 17:30:55 -0800 (PST)
Received: from vauxhall.crustytoothpaste.net (unknown [IPv6:2001:470:1f05:79:f2de:f1ff:feb8:36fd]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id D493D28094; Thu, 5 Nov 2015 01:30:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1446687054; bh=doxFep1LlNOBQRr1jjykfYVaqH7HkP1bxyRiB8Ab8MM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=wYBKglvLmsE3ub2hoqBUcXw1M+VTQMX+AMNzHG8IW8rb6RxqoUJQ8VoHlCBccmBIP iBcz303IuIErwqA5LDD9zpEonY/K1/5NSn/0YThG1ccawrvVxWNbEk7XlzPX7vBfpd heSybqpULgATQw7rgNb5+vMQAA3oqOV2lJhDRisSdPmVJH1MNYRNQbv1l1j8uF7Q73 1ZuS/mvKPj77Ia/ktWABOfRjf96lehGNscA/pX2o7RuwtC/t1ChL/HJGgJz0LQGtrm lMNPLlCX3a/0Q2qHK0ExThjp0IcbTNc+girmuJrkDQ9n7kdL9SSt6BpJ3BJ/PmAmHi NIeh2BWfDPuOZe8sePi4RD4Q4UQfzACxvUfWiwImNYFVbpc7o4UcW4NR6pmdfh1FV2 /OFWrVAkC7YH7LqRdvNhTo9fViEeheALNGYCmcl1XwEGIZe++ttpKcEOxCbRQ0057e RK8ui5Z2r4miDDulbmzDK4Ix1T9s9MFAQ5FFBIabkYDdesOPMcO
Date: Thu, 5 Nov 2015 01:30:51 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Aaron Zauner <azet@azet.org>
Message-ID: <20151105013051.GD3896@vauxhall.crustytoothpaste.net>
References: <87lhaet2cq.fsf@vigenere.g10code.de> <20151104182705.86af2e43c8@baae13974eb4556>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lc9FT7cWel8HagAv"
Content-Disposition: inline
In-Reply-To: <20151104182705.86af2e43c8@baae13974eb4556>
X-Machine: Running on vauxhall using GNU/Linux on x86_64 (Linux kernel 4.2.0-1-amd64)
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/rIfZtyvMc4qiDJuiFa0pPp5bN_Q>
Cc: Werner Koch <wk@gnupg.org>, openpgp@ietf.org
Subject: Re: [openpgp] First 4880bis drafts
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2015 01:30:57 -0000

On Wed, Nov 04, 2015 at 06:34:33PM +0100, Aaron Zauner wrote:
> * Werner Koch <wk@gnupg.org> [04/11/2015 12:51:25] wrote:
> > 
> >    o  Added Camellia cipher from RFC 5581.
> 
> Hrm. I'm against this. CAMELLIA is going to be deprecated in e.g.
> TLS because barely anyone uses it. I'm explicitly excluding anything
> other than AES128 or 256 from my GnuPG config currently, I haven't
> noticed any breakage in almost a year:
> https://github.com/azet/dotfiles/blob/master/.gnupg/gpg.conf

As Werner pointed out, Camellia has been around for some time.  It's
also good to have enough diversity that if someone comes out with a
major attack against AES, we're not totally sunk.  Camellia is a Feistel
cipher, while AES is a substitution-permutation network, which means
that attacks are unlikely to work against both.

Currently, if AES were to be broken, TLS implementations would not
interoperate at a 128-bit or higher security level.  OpenPGP would
continue to function without much thought, which is a major asset.

I'm for deprecating algorithms which provide less than a 128-bit
security level, such as SHA-1 and 3DES.

> The ECC addition makes sense, but I'd also limit the number of
> possible curves to a few vetted ones instead of verbatim including
> all those NIST curves. For example: do we want to keep P256? Or are
> we going with a higher 'security level' alltogether? I consider this
> cruft that should be removed. Why not just use Curve25519 and
> Goldilocks?

I believe Google's End-to-End is using the NIST curves, and there are
already keys using these curves.  I think Curve25519 and Goldilocks
would be valuable due to their rigidity and the CFRG endorsement.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187