Re: [openpgp] AEAD mode unverified chunks

Werner Koch <wk@gnupg.org> Mon, 23 July 2018 14:33 UTC

From: Werner Koch <wk@gnupg.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Marcus Brinkmann <marcus.brinkmann=40ruhr-uni-bochum.de@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <df7db7b9-b661-7534-1c34-fd63ae2876d9@ruhr-uni-bochum.de> <1530428015814.83795@cs.auckland.ac.nz> <7080a271-6244-13d3-04da-d00a32766de1@ruhr-uni-bochum.de> <1530453318943.37822@cs.auckland.ac.nz> <8f10ae91-9656-4f6d-b41d-9a579b7eb283@ruhr-uni-bochum.de> <1530500589685.30228@cs.auckland.ac.nz>
Date: Mon, 23 Jul 2018 16:22:38 +0200
In-Reply-To: <1530500589685.30228@cs.auckland.ac.nz> (Peter Gutmann's message of "Mon, 2 Jul 2018 03:03:22 +0000")
Message-ID: <87in56ghg1.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/wbcqDPQ6JkNi-vLwZiepFVTUQ7E>

On Mon,  2 Jul 2018 05:03, pgut001@cs.auckland.ac.nz said:

> security.  It's just a personal preference, but I'd add a somewhat stronger
> warning to the text in 5.16 for per-chunk unique/random IVs and the
> consequences of not using them when some AEAD modes are used.

What about this:

  A new random initialization vector MUST be used for each message.
  Failure to do so for each message will lead to a catastrophic failure
  depending on the AEAD mode used.

Or propose a different text.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are governed by a federal law.
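The proposed rule in code, as an added illustration that is not part of this message or of GnuPG: a small Go wrapper around AES-GCM (chosen here as a stand-in for any nonce-sensitive AEAD mode; the type and method names are my own) that draws a fresh random nonce per message, prefixes it to the output, and refuses to seal a second message under a nonce it has already consumed for that key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Sealer wraps an AEAD and enforces the proposed rule: each message gets a fresh
// random nonce, and a nonce already used under this key is refused, never reused.
type Sealer struct {
	aead cipher.AEAD
	seen map[string]bool // nonces already consumed under this key
}

func NewSealer(key []byte) (*Sealer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, seen: map[string]bool{}}, nil
}

// SealWith encrypts under a caller-supplied nonce and refuses any repeat.
// Output layout is nonce || ciphertext || tag so the receiver can find the nonce.
func (s *Sealer) SealWith(nonce, plaintext, ad []byte) ([]byte, error) {
	if s.seen[string(nonce)] {
		return nil, errors.New("nonce reuse refused")
	}
	s.seen[string(nonce)] = true
	return s.aead.Seal(append([]byte{}, nonce...), nonce, plaintext, ad), nil
}

// Seal draws a new random nonce for this message, as the proposed text requires.
func (s *Sealer) Seal(plaintext, ad []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return s.SealWith(nonce, plaintext, ad)
}

// Open checks the tag over the whole message before releasing any plaintext.
func (s *Sealer) Open(msg, ad []byte) ([]byte, error) {
	if n := s.aead.NonceSize(); len(msg) >= n {
		return s.aead.Open(nil, msg[:n], msg[n:], ad)
	}
	return nil, errors.New("message too short")
}
```

The reuse guard only covers one process and one key; in a long-lived implementation the same guarantee has to come from the nonce construction itself (the random draw per message above, or a counter that is never rewound).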