[openpgp] draft-irtf-cfrg-aead-limits lacks EAX and OCB
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 31 July 2021 05:09 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 134603A1434
for <openpgp@ietfa.amsl.com>; Fri, 30 Jul 2021 22:09:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral
reason="invalid (unsupported algorithm ed25519-sha256)"
header.d=fifthhorseman.net header.b=n88i4aVh; dkim=pass (2048-bit key)
header.d=fifthhorseman.net header.b=rUvf6tKB
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xq5CVEJnRhns for <openpgp@ietfa.amsl.com>;
Fri, 30 Jul 2021 22:09:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AE9943A1432
for <openpgp@ietf.org>; Fri, 30 Jul 2021 22:09:10 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple;
d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019;
t=1627708146; h=from : to : subject : date : message-id : mime-version
: content-type : from;
bh=JnAcePtjj2/+7+bOj9xbGVkCEPa1SbJK1k/uSvUee+E=;
b=n88i4aVhXGn+lCV58R8g+36DFZzibnYgnGfG8VqCcQPDl5GBHfQah/4XGpR3oFnbza+ta
YqQqsTu3GWPAeKaCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net;
i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1627708146; h=from : to
: subject : date : message-id : mime-version : content-type : from;
bh=JnAcePtjj2/+7+bOj9xbGVkCEPa1SbJK1k/uSvUee+E=;
b=rUvf6tKBgXktN4icPPtl1BkC4OKfII9+cKS19w+boHHm9jX+v9Oxa1arOyMPImm3hldSV
YTMHS5OFJsVTtldIKYgt07dWA1ClD8+fDYoZfqja57VhR5Pf/vY1Gb7rapefytqfJHgXOPe
1N+eRX0e5zCWCjj2gTPNYrk2lVtqtIcvAnGgHsVl4FsI7T7Rct5RKiByBOwKAPQw2ynvr9s
EocoZJBoVs60yiUS21hCC0mBxCFE1M170fk5qxzqNn+xM7tKoFF4ztgnMAuh9gGIbrhVms8
CzuwwYe2J5hfE1pXwr7QVNhSLJ5UgEZma3VMCIY0pZye1ShK6sVmvTFlop9A==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by che.mayfirst.org (Postfix) with ESMTPSA id E3F90F9A7;
Sat, 31 Jul 2021 01:09:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
id 6A101205EA; Sat, 31 Jul 2021 01:08:15 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org, cfrg@irtf.org
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata=
mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf
FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl
cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh
BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su
G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u
bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh
dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI
ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4
+s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE
AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ
BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+
nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He
VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+
jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N
stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh
BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk
eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH
QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA
CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b
J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX
mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR
fRxL7Z37WZXoH8AH
Date: Sat, 31 Jul 2021 01:08:14 -0400
Message-ID: <87r1fful35.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xvBhcvFz0cjnXC3uqWOMTsah7Ms>
Subject: [openpgp] draft-irtf-cfrg-aead-limits lacks EAX and OCB
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>,
<mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>,
<mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 05:09:16 -0000
Hi CFRG and OpenPGP folks-- In the CFRG meeting today, i noticed that the AEAD Limits draft does not include a mention of EAX and OCB. EAX and OCB are both candidates for inclusion in the forthcoming cryptographic refresh of OpenPGP (https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/crypto-refresh.md). I note that for OCB, RFC 7253 does include some suggestions of the kinds of limits that are appropriate. I'm not skilled enough with the kind of analysis that's happening in these drafts to tell whether the guidance in 7253 translates into the same sort of answers that draft-irtf-cfrg-aead-limits is trying to systematize. If it is, and CFRG folks find the limits in 7253 plausible, perhaps a new section in the AEAD limits draft could import the relevant figures and reference 7253? I don't know of any comparable analysis for EAX, but if anyone can point to some, i'd be interested in seeing EAX analyzed as well. Sorry to not have the chops to analyze this myself, but i'm hoping that someone in CFRG have enough capacity to at least look into it and tell me why it doesn't match. Regards, --dkg
- [openpgp] draft-irtf-cfrg-aead-limits lacks EAX a… Daniel Kahn Gillmor