
From nobody Sat Jul  1 16:55:23 2017
Return-Path: <barryleiba@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CB64129AB7 for <openpgp@ietfa.amsl.com>; Sat,  1 Jul 2017 16:55:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level: 
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HE4Hx60B2_Ny for <openpgp@ietfa.amsl.com>; Sat,  1 Jul 2017 16:55:20 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D267712869B for <openpgp@ietf.org>; Sat,  1 Jul 2017 16:55:19 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id k192so41074173ith.1 for <openpgp@ietf.org>; Sat, 01 Jul 2017 16:55:19 -0700 (PDT)
X-Received: by 10.36.22.5 with SMTP id a5mr8018126ita.76.1498953318760; Sat, 01 Jul 2017 16:55:18 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 10.107.173.26 with HTTP; Sat, 1 Jul 2017 16:55:18 -0700 (PDT)
In-Reply-To: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Sun, 2 Jul 2017 01:55:18 +0200
X-Google-Sender-Auth: ftF4z3dvwLD3Bm_5YyWOPAPwMoo
Message-ID: <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Cc: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Sd_ieUiZa31k0_ddS-2M8NEssy8>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Jul 2017 23:55:21 -0000

On Mon, Jun 26, 2017 at 1:42 PM, IETF Secretariat
<ietf-secretariat-reply@ietf.org> wrote:
> The following draft will expire soon:
>
> Name:     draft-ietf-openpgp-rfc4880bis
> Title:    OpenPGP Message Format
> State:    I-D Exists
> Expires:  2017-07-06 (in 1 week, 2 days)

This working group has an impressive record of inaction, evidenced by
both the impending expiration of the group's only document and the
version number's being only -01.  There's been no work done here since I
came into the chair position a little over a year ago.

The chairs have tried to push things along in the background, but it
hasn't worked.  It seems clear to me that we need to accept that
there's not enough interest in getting this done, and close the
working group.

I've CCed EKR on this by way of asking him to take action unless
there's some immediate discussion that convinces us that what I say
above is wrong, that there is interest, and that there will be
progress very soon (in which case we would set an aggressive and
firm schedule).

--
Barry, as chair


From nobody Sun Jul  2 13:49:17 2017
Return-Path: <rjh@sixdemonbag.org>
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
Date: Sun, 2 Jul 2017 16:49:11 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_n7KIRRlUcE8EKhRw64uZGnm_FU>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

> This working group has an impressive record of inaction, evidenced by
> both the impending expiration of the group's only document and the
> version number's being only -01.  There's been no work done here since I
> came into the chair position a little over a year ago.

I was also disheartened to see that SHA-1 is still baked into this draft
in a few places.

I personally don't feel that designing the next generation of RFC is
within my technical skillset -- I can make informed criticism, but
that's a little different from saying "trust me, I know what I'm doing."
 But I've been waiting patiently to see drafts, and for years I've been
telling people asking about SHA-1 deprecation "wait and let the Working
Group do its job."

I am absolutely sure there is interest in an RFC which gets rid of all
SHA-1 dependencies; however, the people who are interested are not
necessarily the ones who can draft a dependency-free RFC.

I feel let down.  I'm fairly sure there are others who feel similarly.


From nobody Sun Jul  2 16:25:52 2017
Return-Path: <sandals@crustytoothpaste.net>
Date: Sun, 2 Jul 2017 23:25:42 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dxndqqasn34z6yvo"
Content-Disposition: inline
In-Reply-To: <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kooQuYs0lnSsbAib7U7pnC74_w0>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

--dxndqqasn34z6yvo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jul 02, 2017 at 04:49:11PM -0400, Robert J. Hansen wrote:
> > This working group has an impressive record of inaction, evidenced by
> > both the impending expiration of the group's only document and the
> > version number's being only -01.  There's been no work done here since I
> > came into the chair position a little over a year ago.
>
> I was also disheartened to see that SHA-1 is still baked into this draft
> in a few places.
>
> I personally don't feel that designing the next generation of RFC is
> within my technical skillset -- I can make informed criticism, but
> that's a little different from saying "trust me, I know what I'm doing."
>  But I've been waiting patiently to see drafts, and for years I've been
> telling people asking about SHA-1 deprecation "wait and let the Working
> Group do its job."
>
> I am absolutely sure there is interest in an RFC which gets rid of all
> SHA-1 dependencies; however, the people who are interested are not
> necessarily the ones who can draft a dependency-free RFC.

I'm happy to try to contribute more in an effort to get the WG where it
needs to be.  However, I think the WG as a whole needs to provide more
input and response to ideas and drafts, including useful text that can
be incorporated by the editors, so that we can move forward at a
reasonable rate.
--
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204


--dxndqqasn34z6yvo--


From nobody Sun Jul  2 21:45:13 2017
Return-Path: <pgut001@cs.auckland.ac.nz>
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS8sWFHqU4dlQfBk+AeHmoJilhxqJAOpqAgAFN6v8=
Date: Mon, 3 Jul 2017 04:45:04 +0000
Message-ID: <1499057065761.45702@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>, <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
In-Reply-To: <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/iKtxR1EwxkQjS68GFU2Ph4Loa8g>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

Robert J. Hansen <rjh@sixdemonbag.org> writes:

>I was also disheartened to see that SHA-1 is still baked into this draft in a
>few places.

That's not necessarily a problem, it's perfectly OK PRFs, MACs, and similar
situations, you just want to move away from it for signatures.

Peter.


From nobody Sun Jul  2 21:48:11 2017
Return-Path: <rjh@sixdemonbag.org>
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <1499057065761.45702@cs.auckland.ac.nz>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <8a82ac55-0b13-70de-87c4-2b689cddac1c@sixdemonbag.org>
Date: Mon, 3 Jul 2017 00:48:07 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <1499057065761.45702@cs.auckland.ac.nz>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/hN2Ytrv7C6kZfSy79Sy7VXDg2-Y>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>

> That's not necessarily a problem, it's perfectly OK PRFs, MACs, and
> similar situations, you just want to move away from it for
> signatures.

Yes, but removing it cuts down on the amount of (wholly inappropriate)
fearmongering that gets thrown around by the ignorant whenever SHA-1 is
mentioned.  OpenPGP adoption is slow enough already; continued use of
SHA-1, even where it's safe, seems contraindicated.


From nobody Mon Jul  3 02:11:43 2017
Return-Path: <look@my.amazin.horse>
Date: Mon, 3 Jul 2017 11:11:25 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: openpgp@ietf.org
Message-ID: <20170703091033.5am2l4qs42ntkhpm@calamity>
References: <87varlou5m.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87varlou5m.fsf@wheatstone.g10code.de>
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IMinAFXWRazkMzqtna3tIZN8bIM>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

Hi,

(also picking this up from the expiry thread:)

It has been a while since this thread died down, and it looks like the
topic of the v5 fingerprint format turned out to be somewhat of a
blocker for 4880-bis as a whole.

Compared to many other changes, the overall deal of consensus vs.
necessity vs. usefulness vs. ecosystem complexity for this issue doesn't
seem that good.

However, we *do* have a bunch of things that we have easy consensus on
(many of which are in the first draft!), and that would be helpful to
have in the spec.  It would be a shame if those things were blocked by
our inability to finish the fingerprint discussion.

So I'd like to put a new proposal on the table: we stick with the v4
fingerprint format, and focus on other topics.

 - V


From nobody Mon Jul  3 08:59:10 2017
Return-Path: <sandals@crustytoothpaste.net>
Date: Mon, 3 Jul 2017 15:58:47 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170703155846.63pgtblxycggni46@genre.crustytoothpaste.net>
References: <87varlou5m.fsf@wheatstone.g10code.de> <20170703091033.5am2l4qs42ntkhpm@calamity>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ytsj3krzx2achauf"
Content-Disposition: inline
In-Reply-To: <20170703091033.5am2l4qs42ntkhpm@calamity>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QsSTnnL-Tv92VLn9x3bZlxl-9vE>
Subject: Re: [openpgp] Version 5 key and fingerprint proposal

--ytsj3krzx2achauf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 03, 2017 at 11:11:25AM +0200, Vincent Breitmoser wrote:
> Hi,
>
> (also picking this up from the expiry thread:)
>
> It has been a while since this thread died down, and it looks like the
> topic of the v5 fingerprint format turned out to be somewhat of a
> blocker for 4880-bis as a whole.
>
> Compared to many other changes, the overall deal of consensus vs.
> necessity vs. usefulness vs. ecosystem complexity for this issue doesn't
> seem that good.
>
> However, we *do* have a bunch of things that we have easy consensus on
> (many of which are in the first draft!), and that would be helpful to
> have in the spec.  It would be a shame if those things were blocked by
> our inability to finish the fingerprint discussion.
>
> So I'd like to put a new proposal on the table: we stick with the v4
> fingerprint format, and focus on other topics.

Since I was one of the ones that proposed alternatives, let me say that
I'm happy with Werner's proposal as it stands.  I did see one issue with
a "0x99" where it should have been "0x9a", but that's an editorial
issue.

My sense of the group is that we want to move away from SHA-1 where
possible, and I think Werner's proposal gets us to that point.
--
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204


--ytsj3krzx2achauf--


From nobody Mon Jul  3 09:01:05 2017
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91F8212F253 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 09:01:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k6C_XuJ72-oB for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 09:01:01 -0700 (PDT)
Received: from castro.crustytoothpaste.net (sandals-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89706131699 for <openpgp@ietf.org>; Mon,  3 Jul 2017 09:01:00 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id CA4AD280AD for <openpgp@ietf.org>; Mon,  3 Jul 2017 16:00:59 +0000 (UTC)
Date: Mon, 3 Jul 2017 16:00:56 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170703160056.e4a2chvq6qvki4a4@genre.crustytoothpaste.net>
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tgyaq5yj5a4pcdr3"
Content-Disposition: inline
In-Reply-To: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/KcxGURvliH8AX64K1tFAoxycFV8>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-List-Received-Date: Mon, 03 Jul 2017 16:01:04 -0000

--tgyaq5yj5a4pcdr3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 21, 2017 at 11:43:02PM +0000, brian m. carlson wrote:
> I have a proposed pull request for a streaming AEAD encrypted data
> packet using EAX mode[0].  I will send a patch shortly.
>
> EAX is a block cipher mode combining CTR mode and OMAC.  It is similar
> to CCM and is considered secure.  It can be easily implemented securely
> in a variety of languages using the CBC and CTR modes available in most
> cryptographic libraries.
>
> The packet allows for fixed-sized chunks from 64 bytes to 65536 bytes
> (or larger) in size and also permits streaming.  It contains truncation
> detection at the cost of 16 bytes of buffering.
>
> I retained the AEAD algorithm octet so as not to need to overload one
> octet with cipher type and AEAD algorithm.  This allows us to use
> something like Poly1305 with both AES and ChaCha20 in the future.
>
> I welcome feedback on this proposal.  If it's determined to be viable,
> I'd also like to see adjustments to the SKESK and Secret Key packets to
> add AEAD support.

Were there opinions on this proposal?  Do people like it, dislike it,
not care, etc?  I'm happy to try to revise or let the editors do that,
but it would be useful to get some feedback on it at all, even if it's
that people hate it and want something else.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--tgyaq5yj5a4pcdr3
Content-Type: application/pgp-signature; name="signature.asc"


--tgyaq5yj5a4pcdr3--


From nobody Mon Jul  3 09:49:36 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC95C12F3D5 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 09:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qc1SbVNg1pKI for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 09:49:32 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8940213147C for <openpgp@ietf.org>; Mon,  3 Jul 2017 09:49:31 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dS4XR-0003pE-U8 for <openpgp@ietf.org>; Mon, 03 Jul 2017 18:49:29 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dS4PP-0003ci-W9; Mon, 03 Jul 2017 18:41:12 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net> <20170703160056.e4a2chvq6qvki4a4@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Mon, 03 Jul 2017 18:41:11 +0200
In-Reply-To: <20170703160056.e4a2chvq6qvki4a4@genre.crustytoothpaste.net> (brian m. carlson's message of "Mon, 3 Jul 2017 16:00:56 +0000")
Message-ID: <871spxtqvs.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Venezuela_Plame_BLU-97_A/B_Dick_Cheney_Geraldton_Abu_Ghraib_AIMSX_cs"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Ccs5n9DtF6_qz_0x_nEQ8xh5FbU>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-List-Received-Date: Mon, 03 Jul 2017 16:49:35 -0000

--=Venezuela_Plame_BLU-97_A/B_Dick_Cheney_Geraldton_Abu_Ghraib_AIMSX_cs
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon,  3 Jul 2017 18:00, sandals@crustytoothpaste.net said:

> Were there opinions on this proposal?  Do people like it, dislike it,

I have an opinion on your proposal but wanted to give others time to
reply first ;-).  I have had too many other open tasks this year so that
my editorial work was too much delayed, I am sorry for this.

I have two points, briefly:

1. The prior discussion showed that it will be hard to find a common
   conclusion on what algorithm to use.  Thus instead of having one
   fixed algorithm, I will propose a modification to make the new packet
   format extensible.  I know that this had a lot of drawbacks and
   having only one algorithm would be far better than a bunch of
   algorithms which we may all need to implement.  But the advantage of
   allowing other algorithms will give the implementers more options to
   show in practice the advantages of different algorithms.

2. We really should have a way to early detect a corrupt message - not
   necessarily an attack but for example a bit flip somewhere on the
   channel.  Inserting a running checksum (say, every 1GiB) would solve
   this.  Obviously this depends on the algorithms, so that the existing
   cipher state can be used for such a checksum.  A hackish way to do that
   could be to take the internal state of the algorithm, hash it and
   insert it into the stream.  A cleaner solution would require several
   concatenated cipher streams.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=Venezuela_Plame_BLU-97_A/B_Dick_Cheney_Geraldton_Abu_Ghraib_AIMSX_cs
Content-Type: application/pgp-signature

--=Venezuela_Plame_BLU-97_A/B_Dick_Cheney_Geraldton_Abu_Ghraib_AIMSX_cs--


From nobody Mon Jul  3 10:06:38 2017
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DBF7129503 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 10:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7bRej2JRkvX8 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 10:06:34 -0700 (PDT)
Received: from castro.crustytoothpaste.net (castro.crustytoothpaste.net [75.10.60.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96E041267BB for <openpgp@ietf.org>; Mon,  3 Jul 2017 10:06:34 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 9B6B1280AD for <openpgp@ietf.org>; Mon,  3 Jul 2017 17:06:33 +0000 (UTC)
Date: Mon, 3 Jul 2017 17:06:28 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170703170628.6wn5r4o7d7c4gwdh@genre.crustytoothpaste.net>
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net> <20170703160056.e4a2chvq6qvki4a4@genre.crustytoothpaste.net> <871spxtqvs.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="f6ugfscfcxqj7fft"
Content-Disposition: inline
In-Reply-To: <871spxtqvs.fsf@wheatstone.g10code.de>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/oUq0ebwcdP3ZZNEig5N3mmRpPqg>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-List-Received-Date: Mon, 03 Jul 2017 17:06:37 -0000

--f6ugfscfcxqj7fft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 03, 2017 at 06:41:11PM +0200, Werner Koch wrote:
> On Mon,  3 Jul 2017 18:00, sandals@crustytoothpaste.net said:
>
> > Were there opinions on this proposal?  Do people like it, dislike it,
>
> I have an opinion on your proposal but wanted to give others time to
> reply first ;-).  I have had too many other open tasks this year so that
> my editorial work was too much delayed, I am sorry for this.
>
> I have two points, briefly:
>
> 1. The prior discussion showed that it will be hard to find a common
>    conclusion on what algorithm to use.  Thus instead of having one
>    fixed algorithm, I will propose a modification to make the new packet
>    format extensible.  I know that this had a lot of drawbacks and
>    having only one algorithm would be far better than a bunch of
>    algorithms which we may all need to implement.  But the advantage of
>    allowing other algorithms will give the implementers more options to
>    show in practice the advantages of different algorithms.

Yes, I tend to agree.  Did you feel the existing extensibility mechanism
in my proposal (cipher algo, AEAD algo, chunk size) was insufficient or
did you have something else in mind?

> 2. We really should have a way to early detect a corrupt message - not
>    necessarily an attack but for example a bit flip somewhere on the
>    channel.  Inserting a running checksum (say, every 1GiB) would solve
>    this.  Obviously this depends on the algorithms, so that the existing
>    cipher state can be used for such a checksum.  A hackish way to do that
>    could be to take the internal state of the algorithm, hash it and
>    insert it into the stream.  A cleaner solution would require several
>    concatenated cipher streams.

I think my proposal actually implements that.  Since my chunk proposal
contains the chunk index (basically, an incrementing counter), as long
as we have the key, we can immediately tell if any chunk is corrupt
simply by knowing the chunk size and authentication tag length.  That
allows random-access to data if, for example, you know that all of your
data is uncompressed tar archives.

If we want something simpler in addition, we could reuse the CRC24 as
most implementations will require it for the ASCII armor format.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--f6ugfscfcxqj7fft
Content-Type: application/pgp-signature; name="signature.asc"


--f6ugfscfcxqj7fft--


From nobody Mon Jul  3 11:24:35 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ACE612783A for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 11:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qv1GI2dx5dXM for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 11:24:32 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CC2812ECAD for <openpgp@ietf.org>; Mon,  3 Jul 2017 11:24:32 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dS61O-0005Yz-3R for <openpgp@ietf.org>; Mon, 03 Jul 2017 20:24:30 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dS5wp-0004IF-1u; Mon, 03 Jul 2017 20:19:47 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net> <20170703160056.e4a2chvq6qvki4a4@genre.crustytoothpaste.net> <871spxtqvs.fsf@wheatstone.g10code.de> <20170703170628.6wn5r4o7d7c4gwdh@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Mon, 03 Jul 2017 20:19:46 +0200
In-Reply-To: <20170703170628.6wn5r4o7d7c4gwdh@genre.crustytoothpaste.net> (brian m. carlson's message of "Mon, 3 Jul 2017 17:06:28 +0000")
Message-ID: <87shids7r1.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=passwd_Glock_cracking_RSA_Al_Jazeera_counter_terrorism_Maple_AMW=Att"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WD_clJ4sStSpP2ihpTiLi6vu0Pw>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-List-Received-Date: Mon, 03 Jul 2017 18:24:34 -0000

--=passwd_Glock_cracking_RSA_Al_Jazeera_counter_terrorism_Maple_AMW=Att
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon,  3 Jul 2017 19:06, sandals@crustytoothpaste.net said:

> Yes, I tend to agree.  Did you feel the existing extensibility mechanism
> in my proposal (cipher algo, AEAD algo, chunk size) was insufficient or
> did you have something else in mind?

Frankly, I answered out of my memory without reading your proposal
again.  Let's see:

  * A one-octet chunk size.

This is general enough for all algorithms.

  * A starting initialization vector of size specified by the AEAD
    algorithm.  This value MUST be unique and it MUST be unpredictable.

This seems to be specific for the selected AEAD mode.  Thus I would prefer
to put this into an algorithm specific section.  For ease of
describing it might be easier to put the next two items also into such
an AEAD specific section.

> I think my proposal actually implements that.  Since my chunk proposal
> contains the chunk index (basically, an incrementing counter), as long
> as we have the key, we can immediately tell if any chunk is corrupt

Right.  I would prefer to have this algorithm specific, though.
Your description says:

  The chunk size octet specifies the size of chunks using the following
  formula (in C), where c is the chunk size octet:

        chunk_size = ((uint64_t)1 << (c + 6))

  An implementation MUST support chunk size octets with values from 0
  to 10.  An implementation MAY support other chunk sizes.  Chunk size
  octets with values larger than 127 are reserved for future extensions.

Thus this allowed for chunks from 64 to 65536 octets.  Given that larger
values are optional, implementations will need to limit C to 10.  I
consider this too low for practical purposes.  We should require all
implementations to support the same range.

Given that we have a 64 bit counter the maximum value for C should be 57
- I would even say 56 so that we avoid signed and signed problems in the
number of octets.

> If we want something simpler in addition, we could reuse the CRC24 as
> most implementations will require it for the ASCII armor format.

Better not.  That requires running a second algorithm over the data.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=passwd_Glock_cracking_RSA_Al_Jazeera_counter_terrorism_Maple_AMW=Att
Content-Type: application/pgp-signature

--=passwd_Glock_cracking_RSA_Al_Jazeera_counter_terrorism_Maple_AMW=Att--
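
Added example, not part of the message above and not code from the proposal or from either poster: the C code below decodes the chunk size octet with the formula quoted in that message, rejects octets above the ceiling of 56 discussed there so the shift can never overflow, and finds the chunk that holds a given plaintext offset, as in the random-access case raised earlier in the thread. The layout (each chunk's ciphertext followed directly by its tag, chunks back to back), the 16-octet tag length passed in main, and all names are assumptions.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Limits quoted in the thread. */
#define CHUNK_C_MUST_MAX 10u   /* octets 0..10 MUST be supported: 64 B .. 64 KiB */
#define CHUNK_C_CEILING  56u   /* discussed ceiling: 1 << 62 still fits in int64_t */

enum chunk_status {
    CHUNK_OK = 0,
    CHUNK_RESERVED,     /* octet > 127: reserved for future extensions */
    CHUNK_UNSUPPORTED   /* octet above what this implementation accepts */
};

/*
 * Decode the chunk size octet c into a size in octets.
 * policy_max is the largest octet the caller accepts; it is clamped to
 * CHUNK_C_CEILING so the shift count can never reach 64, which would be
 * undefined behaviour in C.
 */
enum chunk_status chunk_size_decode(uint8_t c, uint8_t policy_max, uint64_t *size)
{
    if (c > 127)
        return CHUNK_RESERVED;
    if (policy_max > CHUNK_C_CEILING)
        policy_max = CHUNK_C_CEILING;
    if (c > policy_max)
        return CHUNK_UNSUPPORTED;
    *size = (uint64_t)1 << (c + 6);   /* formula from the proposal */
    return CHUNK_OK;
}

struct chunk_loc {
    uint64_t index;      /* chunk index, the incrementing counter */
    uint64_t ct_offset;  /* offset of the chunk within the chunk stream */
    uint64_t in_chunk;   /* offset of the wanted octet inside that chunk */
};

/*
 * Locate the chunk containing plaintext offset pt_offset.
 * Assumed layout (hypothetical, not taken from the proposal text):
 *   chunk 0 ciphertext | tag | chunk 1 ciphertext | tag | ...
 * Returns false for a rejected size octet or when the ciphertext offset
 * would not fit in 64 bits.
 */
bool chunk_locate(uint8_t c, uint8_t policy_max, uint32_t tag_len,
                  uint64_t pt_offset, struct chunk_loc *loc)
{
    uint64_t size;

    if (chunk_size_decode(c, policy_max, &size) != CHUNK_OK)
        return false;

    uint64_t index = pt_offset >> (c + 6);
    uint64_t stride = size + tag_len;   /* size <= 2^62, so this cannot wrap */

    if (index != 0 && stride > UINT64_MAX / index)
        return false;                   /* index * stride would wrap */

    loc->index = index;
    loc->ct_offset = index * stride;
    loc->in_chunk = pt_offset & (size - 1);
    return true;
}

int main(void)
{
    /* Constructed sample octets: in range, at the ceiling, above it, reserved. */
    const uint8_t samples[] = { 0, 10, 56, 57, 200 };
    struct chunk_loc loc;
    uint64_t size;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum chunk_status st = chunk_size_decode(samples[i], 255, &size);
        if (st == CHUNK_OK)
            printf("c=%u -> %" PRIu64 " octets\n", (unsigned)samples[i], size);
        else
            printf("c=%u rejected (%s)\n", (unsigned)samples[i],
                   st == CHUNK_RESERVED ? "reserved" : "unsupported");
    }

    /* 64 KiB chunks, assumed 16-octet tag, plaintext offset 200000. */
    if (chunk_locate(10, CHUNK_C_MUST_MAX, 16, 200000, &loc))
        printf("chunk %" PRIu64 " at stream offset %" PRIu64
               ", octet %" PRIu64 " within it\n",
               loc.index, loc.ct_offset, loc.in_chunk);
    return 0;
}
```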


From nobody Mon Jul  3 12:25:43 2017
Return-Path: <HeikoStamer@gmx.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCD95131738 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GdUcp0IyNaw0 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:25:37 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCC1E12ECC1 for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:25:36 -0700 (PDT)
Received: from [192.168.178.30] ([78.52.158.107]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0LoE4f-1dup5b3t3R-00gGuC for <openpgp@ietf.org>; Mon, 03 Jul 2017 21:25:35 +0200
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
From: Heiko Stamer <HeikoStamer@gmx.net>
Message-ID: <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net>
Date: Mon, 3 Jul 2017 21:26:24 +0200
MIME-Version: 1.0
In-Reply-To: <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/31abtqqClU96T5qcx_iU77rR2dQ>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-List-Received-Date: Mon, 03 Jul 2017 19:25:39 -0000

Hey,

first of all, I am new to this mailing list. So please forgive me,
if I comment on things that have been already discussed before.

brian m. carlson wrote:

> However, I think the WG as a whole needs to provide more input

What's your opinion about defining additional (non-ECC) public-key
algorithms, e.g., Cramer-Shoup or an IND-CPA secure variant of ElGamal?

Best regards,
Heiko Stamer.


From nobody Mon Jul  3 12:29:29 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5AB8131708 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YVHqff9wLVLL for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:29:26 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA291131748 for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:29:25 -0700 (PDT)
Received: from quorra.local (babcom.com [216.246.132.90]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 61DED136B6900 for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:29:25 -0700 (PDT)
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org>
Date: Mon, 3 Jul 2017 15:29:23 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Mon, 03 Jul 2017 12:29:25 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/SwJym5mCXiAR4BFCyH2GGDLF5zk>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-List-Received-Date: Mon, 03 Jul 2017 19:29:27 -0000

> What's your opinion about defining additional (non-ECC) public-key
> algorithms, e.g., Cramer-Shoup or an IND-CPA secure variant of ElGamal?

I would be opposed to this.  This is not the time to start adding neat
stuff to the RFC.  Now is the time to make the critical and necessary
changes to the RFC and *get it published*.

Once we have an RFC with the urgent changes published, then we can
circle back and have conversations about every neat thing under the sun.


From nobody Mon Jul  3 12:35:47 2017
Return-Path: <rsalz@akamai.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D503E131757 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:35:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yjWfduddVJCU for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:35:44 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 730CC131756 for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:35:44 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v63JVxkt005629; Mon, 3 Jul 2017 20:35:42 +0100
Received: from prod-mail-ppoint1 (a184-51-33-18.deploy.static.akamaitechnologies.com [184.51.33.18] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 2be3949rje-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 03 Jul 2017 20:35:42 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v63JUopC007760; Mon, 3 Jul 2017 15:35:40 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint1.akamai.com with ESMTP id 2be72u5b5q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jul 2017 15:35:40 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 3 Jul 2017 12:35:40 -0700
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Mon, 3 Jul 2017 15:35:39 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS8sWEh9Lc8i/Rkk2/JG/FGnFEUKJBRtOAgAAruwCAAU95AIAAANWA//++Z8A=
Date: Mon, 3 Jul 2017 19:35:38 +0000
Message-ID: <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org>
In-Reply-To: <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.45.87]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-03_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707030318
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-03_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707030318
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-s1fztgeruvRbIsw-AWYVlxTiD8>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 19:35:46 -0000

> > What's your opinion about defining additional (non-ECC) public-key
> > algorithms, e.g., Cramer-Shoup or an IND-CPA secure variant of ElGamal?
>
> I would be opposed to this.  This is not the time to start adding neat stuff to
> the RFC.  Now is the time to make the critical and necessary changes to the
> RFC and *get it published*.

Strongly agree.


From dirk@o.banes.ch  Mon Jul  3 12:41:43 2017
Return-Path: <dirk@o.banes.ch>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EDE112ECC1 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:41:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=banes.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_SLh1JwbZbD for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:41:40 -0700 (PDT)
Received: from mail.banes.ch (mail.banes.ch [IPv6:2a03:4000:6:30bc::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4735813171F for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:41:39 -0700 (PDT)
Received: from [IPv6:2001:8e0:1084:de02:e9f8:f772:64a7:84e0] (unknown [IPv6:2001:8e0:1084:de02:e9f8:f772:64a7:84e0]) by mail.banes.ch (Postfix) with ESMTPSA id 09244FFC67 for <openpgp@ietf.org>; Mon,  3 Jul 2017 21:41:33 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=banes.ch; s=mail; t=1499110893; bh=BpMGL5DxOO5JAGHcIwsUr1WNjodfAorXwGO05b7ow90=; h=Subject:To:References:From:Date:In-Reply-To; z=Subject:=20Re:=20[openpgp]=20Expiration=20impending:=0D=0A=20<dra ft-ietf-openpgp-rfc4880bis-01.txt>|To:=20openpgp@ietf.org|Referenc es:=20<149847732613.7086.8580563657011849337.idtracker@ietfa.amsl. com>=0D=0A=20<CALaySJKxWevOZYv1hOBFV-+3T=3D2x43vmie50t6ko2A+a-gTS_ A@mail.gmail.com>=0D=0A=20<a3a82aab-a0d9-f044-21c0-26de346bf6b3@si xdemonbag.org>=0D=0A=20<20170702232541.t25v6mf36qnrxkex@genre.crus tytoothpaste.net>=0D=0A=20<1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gm x.net>=0D=0A=20<94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.o rg>=0D=0A=20<679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg. corp.akamai.com>|From:=20openpgp.dirk@o.banes.ch|Date:=20Mon,=203= 20Jul=202017=2021:41:36=20+0200|In-Reply-To:=20<679411c5b2de4c308c bfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>; b=Qz5ILstk3bd1IVtwCpazFOpKaFLOZpNSLyK34HsPsp6uH74N6rdjRV2PjERXwNYB5 zeYMK8U/3/dn3RT9fvp0bkV8hM0MdiL6ulaKaBGF25zmiv/S+nrNOLRCrhL2WTiYs8 QtCAPef4+hq00FmEzYrIWqKmv+oPC8WoaIoEsxmw=
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>
From: openpgp.dirk@o.banes.ch
Message-ID: <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
Date: Mon, 3 Jul 2017 21:41:36 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: de-CH
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QJkqmorRi-Gjs-LSBk-C7ozvmOQ>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 19:42:37 -0000

Dear List,

May I kindly ask if part of the critical and necessary changes is
sunsetting 3DES, SHA1?
Yes I know they are still good but I think in current operation speed of
standards it is definitely time to start it.

I experience in private and business life extra efforts to ensure pgp
communication is not using 3DES for example which
costs precious time in our projects.

best regards

Dirk


On 03.07.2017 21:35, Salz, Rich wrote:
>>> What's your opinion about defining additional (non-ECC) public-key
>>> algorithms, e.g., Cramer-Shoup or an IND-CPA secure variant of ElGamal?
>> I would be opposed to this.  This is not the time to start adding neat stuff to
>> the RFC.  Now is the time to make the critical and necessary changes to the
>> RFC and *get it published*.
> Strongly agree.



From nobody Mon Jul  3 12:47:29 2017
Return-Path: <rsalz@akamai.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC57A131781 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:47:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvTQl0hrfikP for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:47:19 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36B81131780 for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:47:19 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v63Jl79S026372; Mon, 3 Jul 2017 20:47:15 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=jan2016.eng; bh=AUkRX2uVL6J1AkMzuyxFZlxsc+rHWX0D33M92BiK29A=; b=YJYedPdnPqd1cbJ+WVI6+LxpQ7zZ1GQqMhHH43Jt8N/Thmr2M1InnFQbsp29z9zKUupm dhQu2WHPJzgEdVnw/m/V/PwrxjQExj7MipVS2oG+JotFsuo7IcPhSKJ3HJnsFz+xJnFd 9poRsBTAaP/6oywY0NkNmwYWfGyp9ZMO24aCK+sCqHuLHCDoWwqhOfYBYJyMqO4gts0Y gQqOP6OlFuDcYHVGTEHcw4i7HO1B9fG38JSn6tZIn32oRju+l17fz3Mw1CZkCwivz/Dd 3SRYirEjhtejbnLIm5Ww1INr5xToQjZIUwAthjmFfi+M/gPrKv4swD7eu8+P+nwyokp9 oA== 
Received: from prod-mail-ppoint1 (a184-51-33-18.deploy.static.akamaitechnologies.com [184.51.33.18] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 2be456hn46-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 03 Jul 2017 20:47:14 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v63JjbBB016723; Mon, 3 Jul 2017 15:47:13 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.32]) by prod-mail-ppoint1.akamai.com with ESMTP id 2be72u5bqc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 03 Jul 2017 15:47:13 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 3 Jul 2017 15:47:12 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Mon, 3 Jul 2017 15:47:12 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: "openpgp.dirk@o.banes.ch" <openpgp.dirk@o.banes.ch>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS8sWEh9Lc8i/Rkk2/JG/FGnFEUKJBRtOAgAAruwCAAU95AIAAANWA//++Z8CAAEUDAP//vdmg
Date: Mon, 3 Jul 2017 19:47:11 +0000
Message-ID: <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
In-Reply-To: <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.45.87]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-03_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707030322
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-03_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707030323
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/cafuLuEz0goqr1KstW4pQLzpnRo>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 19:47:21 -0000

> May I kindly ask if part of the critical and necessary changes is sunsetting 3DES,
> SHA1.

Yes.  See https://datatracker.ietf.org/wg/openpgp/about/ for a list of what this WG was supposed to be working on.

The WG has been stalled for a very long time and it's not clear this "last minute" flurry of interest would fundamentally change that.


From nobody Mon Jul  3 12:51:13 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7D74131767 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LrRfs7IFEb7x for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 12:51:10 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47521126BFD for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:51:10 -0700 (PDT)
Received: from quorra.local (babcom.com [216.246.132.90]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id 858BB136B9FBB for <openpgp@ietf.org>; Mon,  3 Jul 2017 12:51:09 -0700 (PDT)
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
Date: Mon, 3 Jul 2017 15:51:05 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Mon, 03 Jul 2017 12:51:10 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZQCB5JTM4JAqtmdTFty34VYUAks>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 19:51:12 -0000

> May I kindly ask if part of the critical and necessary changes is
> sunsetting 3DES, SHA1.

The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
still a MUST-implement algorithm, and will likely be so for the ongoing
future.  3DES has been a MUST algorithm since RFC2440, way back when;
there's a lot of data encrypted with it and the RFC will continue to
require 3DES be supported in order to help interoperate with old traffic.

> I experience in private and business life extra efforts to ensure pgp
> communication is not using 3DES for example which
> costs precious time in our projects.

Why?  What problem is presented by using 3DES for your work, which is so
severe that you have to ensure 3DES isn't used?

Seriously: it's still believed to be a strong cipher, there are no
practical attacks on it, and no new attacks are looming on the horizon.
3DES is slow and it only has a 64-bit block size, but for the vast
majority of OpenPGP usage that's not a problem.


From nobody Mon Jul  3 13:34:54 2017
Return-Path: <dirk@o.banes.ch>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53A53127137 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 13:34:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=banes.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oKdI2_wS_P97 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 13:34:50 -0700 (PDT)
Received: from mail.banes.ch (mail.banes.ch [37.120.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BC4A13147C for <openpgp@ietf.org>; Mon,  3 Jul 2017 13:34:47 -0700 (PDT)
Received: from [IPv6:2001:8e0:1084:de02:e9f8:f772:64a7:84e0] (unknown [IPv6:2001:8e0:1084:de02:e9f8:f772:64a7:84e0]) by mail.banes.ch (Postfix) with ESMTPSA id BEA3FFFC55 for <openpgp@ietf.org>; Mon,  3 Jul 2017 22:34:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=banes.ch; s=mail; t=1499114080; bh=gwRUPCq+bfPduZaLtryz78GKOHch07vKcPICQm4xX68=; h=Subject:To:References:From:Date:In-Reply-To; z=Subject:=20Re:=20[openpgp]=20Expiration=20impending:=0D=0A=20<dra ft-ietf-openpgp-rfc4880bis-01.txt>|To:=20openpgp@ietf.org|Referenc es:=20<149847732613.7086.8580563657011849337.idtracker@ietfa.amsl. com>=0D=0A=20<CALaySJKxWevOZYv1hOBFV-+3T=3D2x43vmie50t6ko2A+a-gTS_ A@mail.gmail.com>=0D=0A=20<a3a82aab-a0d9-f044-21c0-26de346bf6b3@si xdemonbag.org>=0D=0A=20<20170702232541.t25v6mf36qnrxkex@genre.crus tytoothpaste.net>=0D=0A=20<1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gm x.net>=0D=0A=20<94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.o rg>=0D=0A=20<679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg. corp.akamai.com>=0D=0A=20<9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.b anes.ch>=0D=0A=20<f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag .org>|From:=20openpgp.dirk@o.banes.ch|Date:=20Mon,=203=20Jul=20201 7=2022:34:42=20+0200|In-Reply-To:=20<f3e7ad3f-4ce1-d3fc-f2a3-29813 82d6a8e@sixdemonbag.org>; b=BcF+zucsgRtvyYepYx4h+8Ti5LR4rJnKDIidBdqBAq4SejhmVHuw+c54oMLWFz/G+ VxME6Gr+e2rhV8uZXGrdlPV0cfuL+y2wLynEJg8eDdJENUTKd1XTXU7DeJKNgMz6kR NF8igGhDF/fNWdDdO3LNQTQk16wG+SoAQygG0wSI=
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
From: openpgp.dirk@o.banes.ch
Message-ID: <cf213f66-486c-75dd-755e-ff57e8e2395f@o.banes.ch>
Date: Mon, 3 Jul 2017 22:34:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/w9VahS1PL-bcJunl-KUQ_0HGdZk>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 20:34:52 -0000

On 03.07.2017 21:51, Robert J. Hansen wrote:
>
> The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
> still a MUST-implement algorithm, and will likely be so for the ongoing
> future.  3DES has been a MUST algorithm since RFC2440, way back when;
> there's a lot of data encrypted with it and the RFC will continue to
> require 3DES be supported in order to help interoperate with old traffic.

Not being a crypto developer I fully agree to keep the 3DES key for
backward compatibility.
My interest is simply that new keys will not use 3DES by default (but
if user wishes it could be added).

>> I experience in private and business life extra efforts to ensure pgp
>> communication is not using 3DES for example which
>> costs precious time in our projects.
> Why?  What problem is presented by using 3DES for your work, which is so
> severe that you have to ensure 3DES isn't used?
I work in the Payment Industry. Next to 3DES usage in EMV Cards we use
file encryption based on PCI, VISA, MC ... regulations. (PGP)
I experienced several projects where we had to again and again request
clients (not necessarily crypto professionals) to regenerate keys because
3DES was still enabled.
I asked our key manager why exactly this is a problem. He pointed me to
some regulations where a concrete do not use 3DES for file crypto is not
written.

But he also mentioned that in the professional community within PCI it
is more or less clear to base on also rock solid more modern and more
long living ciphers like AES Family and remove 3DES for every new key.
As well it is expected that one or more regulators would disapprove 3DES
in near future.
I give you that is hearsay but it seems to me time to say slowly
goodbye to old technology and base on new also proven algorithms. Therefore
3DES for backward compatibility and opt in if wanted.
But not any more as a default.
> Seriously: it's still believed to be a strong cipher, there are no
> practical attacks on it, and no new attacks are looming on the horizon.
> 3DES is slow and it only has a 64-bit block size, but for the vast
> majority of OpenPGP usage that's not a problem.
I'm also very fond of my old Diesel VW. Great car - never had a problem
(touch on wood). But if I look at the news here where I live it is clear
my next cars will be another motor technology.
Saying if something suitable new is here and you can choose - then
choose new and proven over old and proven.

best regards

Dirk
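
An added example (not part of the message above and not code from any OpenPGP implementation): a sketch of the key check described in this message. It reads the preferred-symmetric-algorithms subpacket (type 11) from a self-signature's hashed subpacket area and applies the RFC 4880 section 13.2 rule that TripleDES is tacitly at the end of the list when it is not named. The byte strings are constructed sample data and the function names are hypothetical.

```python
# Added example: audit which symmetric ciphers an OpenPGP key advertises.
# Sample subpacket areas below are constructed for illustration only.

SYM_ALGOS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PREF_SYM = 11      # subpacket type: preferred symmetric algorithms
TRIPLE_DES = 2     # algorithm ID of the MUST-implement cipher


def name(algo_id):
    return SYM_ALGOS.get(algo_id, "unknown(%d)" % algo_id)


def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area.

    Length encoding follows RFC 4880 section 5.2.3.1: one octet below 192,
    two octets for 192..254, or 255 followed by a four-octet length. The
    length counts the type octet plus the body.
    """
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            if pos + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:
            if pos + 5 > len(area):
                raise ValueError("truncated five-octet length")
            length = int.from_bytes(area[pos + 1:pos + 5], "big")
            pos += 5
        if length < 1 or pos + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        type_octet = area[pos]
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[pos + 1:pos + length]
        pos += length


def effective_prefs(area):
    """Return (explicit, effective) lists of symmetric algorithm IDs."""
    explicit = []
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == PREF_SYM:
            explicit = list(body)
    effective = list(explicit)
    if TRIPLE_DES not in effective:
        # Not listed does not mean disabled: it is tacitly the last choice.
        effective.append(TRIPLE_DES)
    return explicit, effective


def audit(area):
    """Summarise what a compliance check on one key would report."""
    explicit, effective = effective_prefs(area)
    return {
        "lists_3des": TRIPLE_DES in explicit,
        "explicit": [name(a) for a in explicit],
        "effective": [name(a) for a in effective],
    }


def common_ciphers(areas):
    """Ciphers acceptable to every recipient, in the first recipient's order.

    How a sender ranks the common set is implementation-defined; this only
    shows which algorithms remain once all recipients are considered.
    """
    if not areas:
        return []
    prefs = [effective_prefs(a)[1] for a in areas]
    return [name(a) for a in prefs[0] if all(a in p for p in prefs[1:])]


# Constructed samples: key flags + prefs AES256, AES192, AES128
MODERN = bytes.fromhex("021b03" "040b090807")
# Constructed: prefs AES256, CAST5, TripleDES + hash prefs SHA256, SHA1
LEGACY = bytes.fromhex("040b090302" "03150802")
# Constructed: prefs CAST5 only
CAST_ONLY = bytes.fromhex("020b03")

if __name__ == "__main__":
    for label, area in (("modern", MODERN), ("legacy", LEGACY)):
        print(label, audit(area))
    print("modern + cast-only recipients:", common_ciphers([MODERN, CAST_ONLY]))
```

A key that passes the "3DES not listed" check can still receive 3DES-encrypted mail when it is one of several recipients whose explicit lists do not overlap, which is the last case printed.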



From nobody Mon Jul  3 13:40:15 2017
Return-Path: <rjh@sixdemonbag.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 779761271DF for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 13:40:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gwlJdkuP7GWe for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 13:40:13 -0700 (PDT)
Received: from shards.monkeyblade.net (shards.monkeyblade.net [184.105.139.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 501E81200B9 for <openpgp@ietf.org>; Mon,  3 Jul 2017 13:40:13 -0700 (PDT)
Received: from quorra.local (babcom.com [216.246.132.90]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: rjh-sixdemonbag) by shards.monkeyblade.net (Postfix) with ESMTPSA id EC07212328381 for <openpgp@ietf.org>; Mon,  3 Jul 2017 13:40:12 -0700 (PDT)
To: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org> <cf213f66-486c-75dd-755e-ff57e8e2395f@o.banes.ch>
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
Message-ID: <62df2a66-2cac-4cfe-c64d-a40af792660f@sixdemonbag.org>
Date: Mon, 3 Jul 2017 16:40:09 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <cf213f66-486c-75dd-755e-ff57e8e2395f@o.banes.ch>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Mon, 03 Jul 2017 13:40:13 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RJ2wWHfYe8ZnsUoaXTmm3EtHZsA>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 20:40:14 -0000

> My interest is simply that new keys will not use 3DES by default (but
> if user wishes it could be added).

This will likely be left up to implementors.  It's worth noting that
most of the major OpenPGP implementations already shifted to AES for new
keys ages ago.

> I work in the Payment Industry. Next to 3DES usage in EMV Cards we use
> file encryption based on PCI, VISA, MC ... regulations. (PGP)

Ah, I understand: regulatory compliance.  :)


From nobody Mon Jul  3 21:01:51 2017
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4A99124C27 for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 21:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TCP5qH4rNWqB for <openpgp@ietfa.amsl.com>; Mon,  3 Jul 2017 21:01:48 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C245C120726 for <openpgp@ietf.org>; Mon,  3 Jul 2017 21:01:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1499140907; x=1530676907; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=gZEVNHqCUirYERgHhxc5KCHbTPChx6ILhHRqbYwIUsQ=; b=IjQ2vuESDVmmk9mhjdyxAsaaEk3uRCjUCN5c+povEaYGe89LTbSxTbPf IcVm3hwwNSk+KiETQk2Oq9/LLr6bbuTa52m9Mo0bCIq3E8htYCoIV+p3P ySCGA2XQjIIaAAXyczoy77lYQCMrO+PXIJp5Q3atRH5xtLh+W8rLYSRJp 2ptVGeFg7vyBVZGi6nwIq9lfXMXlxV3ces5SgNqGT/hOf2bXuMVnHMmFy 5ZkjfZ4Zghv76THw5af61rU7BIyhCA9X/HXZcGC5nJ+tT4VPm3HxAn5h+ N0ujTFWQWYzzaN4KDOwoYof2u/zq12tPBaldntYpaKaiNL1WYxcGozIfB A==;
X-IronPort-AV: E=Sophos;i="5.40,306,1496059200"; d="scan'208";a="163123709"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.8 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-e.UoA.auckland.ac.nz) ([10.6.2.8]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 04 Jul 2017 16:01:46 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.8) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 4 Jul 2017 16:01:45 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92%14]) with mapi id 15.00.1263.000; Tue, 4 Jul 2017 16:01:45 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Salz, Rich" <rsalz@akamai.com>, "openpgp.dirk@o.banes.ch" <openpgp.dirk@o.banes.ch>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS8sWFHqU4dlQfBk+AeHmoJilhxqJAOpqAgAAruwCAAU95AIAAANWAgAABvwCAAAGrAIAAAZCAgAFS0DM=
Date: Tue, 4 Jul 2017 04:01:45 +0000
Message-ID: <1499140902730.13818@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>, <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com>
In-Reply-To: <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Zo0MSrr14LHT0tVbbWRPXnS5Smw>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 04:01:51 -0000

Salz, Rich <rsalz@akamai.com> writes:

>The WG has been stalled for a very long time and it's not clear this "last
>minute" flurry of interest would fundamentally change that.

A complaint I heard many years ago about PGP 2 was that it wasn't obviously
flawed.  What I'd say is that it was too good enough.  There were problems,
but none of them were sufficiently fatal (at the time) to motivate any kind of
expedited move to a new version.  OpenPGP is still too good enough, there's
lots of things there that you can nitpick but nothing really fatal, or even
close to fatal.  For example the MDC is rather a kludge compared to an HMAC,
but it's good enough.  The weird CFB mode is kind of a mess, but it's good
enough. The whole thing is just too good enough.

If you wanted to update OpenPGP now, you'd be breaking compatibility with vast
amounts of data stored in the current format, and lots of deployed PGP
implementations that aren't GPG and that can't readily be updated.  In
addition, since what we've got now is too good enough, there are no obvious
bits that need to be replaced, just a huge pile of everyone's favourite trendy
things to add that no two people can agree over.

Or you could throw everything out and start again, get rid of the
hand-Huffman-code of lengths, replace the kludgy KDF with Argon2, replace the MDC
with HMAC, and so on, and suddenly you've got a totally new protocol.  Sort of
what the HTTP WG did with HTTP 2.0, or the TLS WG did with TLS "1.3".  The
HTTP WG essentially forked HTTP, it's too early to tell what the TLS WG will
achieve but it's probably the same thing.

So, I'd say leave it as it is.  It's already too good enough, and having two
incompatible versions floating around will do the exact opposite of helping
with PGP adoption.

Peter.


From nobody Tue Jul  4 00:29:50 2017
Return-Path: <kristian.fiskerstrand@sumptuouscapital.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAF69131A2A for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 00:29:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level: 
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sumptuouscapital-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KDYMIRmjtiEi for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 00:29:42 -0700 (PDT)
Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FCAE131A18 for <openpgp@ietf.org>; Tue,  4 Jul 2017 00:29:20 -0700 (PDT)
Received: by mail-lf0-x22a.google.com with SMTP id h22so113786161lfk.3 for <openpgp@ietf.org>; Tue, 04 Jul 2017 00:29:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sumptuouscapital-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=uu9E8TXdyQnrPEkr7mY100n+X9nMZ7gbmP6V8nLv9iE=; b=W4/L7dkdx1dXrLmW5BUnYHvCRT+lh6X47klknfKb3rX7wfFFkZAQNxeFdleqtdVDkS GH9SJVBQf4rSXu/8fyu0H1m2myzvyF3H94JE813a+q3KTn/4SxExNmQ720enqumEU8Dq 7AThIrI+ktq+EFCROGJJuDemTYxt6svuL18mOBkjLz+YHDuE28v7vzXuT7Ecynxq6g3T efPpwns5xJwIrnJlJGy+Q948uZPn9+DjVjZy4e9RVww28hhLk6DRGeGobatw/BAvAERo i5QCKOake/LcNm6ez1VpHWdJ++/jkfjCCUoswF7tEcYnEcmUU4HV0iLgJYlRkTfnXqBc V+nA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=uu9E8TXdyQnrPEkr7mY100n+X9nMZ7gbmP6V8nLv9iE=; b=HARjYHAIq65KAb04qc7AXnNni1VI3We15bLTfPNxUfZ8j4lOp5DOVdSB141R8f3RCh CdGBQaqNNaWUvt2uCrQRdPZknuJHpgB8HcSWpOVN9+eI07paNphUEGiAEl1OVIjXEN3C ao82KuqAcoggvj4EDC+8KulVtOBY25NVEjkeGU9/+yPc9nfybA8ts3cKRudyuZuh0IlE bIPgLdgaZo9lbDmqlkV82XaeEVTk/8cNxiS9QcGJQhvazdt9/uYciRFVnHtmEwjWgXqC T1VnEEht9XimXgu/FXAwYpj63mr7SVRSEXg25KMTS2sBdPEQ0M6xmAe6cW7Q3jwDO0Ww vpLw==
X-Gm-Message-State: AKS2vOwJfX9yNw7XQxAHTzTiLxjqGMC7rR1ob5o4eVNRwInoT0BUYXEt Hgo0prgTN0tXYhYQFQ+fRQ==
X-Received: by 10.46.87.16 with SMTP id l16mr12324638ljb.100.1499153358331; Tue, 04 Jul 2017 00:29:18 -0700 (PDT)
Received: from [10.201.206.55] ([88.151.161.13]) by smtp.googlemail.com with ESMTPSA id g4sm3144968ljb.14.2017.07.04.00.29.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Jul 2017 00:29:17 -0700 (PDT)
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com> <1499140902730.13818@cs.auckland.ac.nz>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Message-ID: <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com>
Date: Tue, 4 Jul 2017 09:29:10 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <1499140902730.13818@cs.auckland.ac.nz>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7M1PFtdPTwEslpJCu4WbHENJ4S5R27Sqm"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/1DndjYY6k-ygNoaRb_ezmbe4Ccw>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 07:29:49 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7M1PFtdPTwEslpJCu4WbHENJ4S5R27Sqm
Content-Type: multipart/mixed; boundary="n4TEKFEomSTXj1nXKaPNSuckL8tdMqR6w";
 protected-headers="v1"
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com>
Subject: Re: [openpgp] Expiration impending:
 <draft-ietf-openpgp-rfc4880bis-01.txt>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com>
 <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
 <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
 <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
 <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net>
 <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org>
 <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>
 <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
 <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com>
 <1499140902730.13818@cs.auckland.ac.nz>
In-Reply-To: <1499140902730.13818@cs.auckland.ac.nz>

--n4TEKFEomSTXj1nXKaPNSuckL8tdMqR6w
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 07/04/2017 06:01 AM, Peter Gutmann wrote:
> OpenPGP is still too good enough, there's
> lots of things there that you can nitpick but nothing really fatal, or even
> close to fatal.

This sentiment seems similar to my own considerations with regard to the
need to change. If we are to change, let's do it right, not just some
small nitpick, in particular with regards to removing some complexity
since it is breaking backwards compatibility anyways (I'd propose e.g.
getting rid of trust signatures for V5). The most common complaint I'm
hearing about OpenPGP is that it is too complex, as such I'm beginning
to change my mind as to whether protocol agility is only a good thing,
maybe we should work more on getting to consensus and reduce
implementation complexity in order to make it possible for better
auditing of implementations etc.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nil satis nisi optimum
Nothing but the best is good enough


--n4TEKFEomSTXj1nXKaPNSuckL8tdMqR6w--

--7M1PFtdPTwEslpJCu4WbHENJ4S5R27Sqm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--7M1PFtdPTwEslpJCu4WbHENJ4S5R27Sqm--


From nobody Tue Jul  4 01:39:37 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6745131B1F for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 01:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8CVTJG-zS8YR for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 01:39:32 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98241131B2D for <openpgp@ietf.org>; Tue,  4 Jul 2017 01:39:32 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dSJMo-0003mp-PP for <openpgp@ietf.org>; Tue, 04 Jul 2017 10:39:30 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dSJGe-0000Wr-K8; Tue, 04 Jul 2017 10:33:08 +0200
From: Werner Koch <wk@gnupg.org>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>
Cc: openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org
Date: Tue, 04 Jul 2017 10:33:03 +0200
In-Reply-To: <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 3 Jul 2017 15:51:05 -0400")
Message-ID: <87o9t0sitc.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Adriatic_counter_intelligence_InfoSec_USCODE_asset_Etacs_gamma_Dick="; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/nhp6x60KTsuYXkBM4J1SzCJnoUU>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 08:39:36 -0000

--=Adriatic_counter_intelligence_InfoSec_USCODE_asset_Etacs_gamma_Dick=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon,  3 Jul 2017 21:51, rjh@sixdemonbag.org said:

> The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
> still a MUST-implement algorithm, and will likely be so for the ongoing

The problem with TripleDES is that it is the only implicit symmetric
algorithm preference.  This makes it hard to remove.  However there is a
way to do that: We should define a new key flag requesting the use of
the to-be-specified new Symmetrically Encrypted Data Packet.  That new
data packet will require the use of a 128 bit block length algorithm and
can also require that AESnnn is the new implicit symmetric algorithm
preference.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=Adriatic_counter_intelligence_InfoSec_USCODE_asset_Etacs_gamma_Dick=
Content-Type: application/pgp-signature

--=Adriatic_counter_intelligence_InfoSec_USCODE_asset_Etacs_gamma_Dick=--


From nobody Tue Jul  4 02:06:17 2017
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A360131C36 for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:06:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNOknnh7GMDs for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:06:13 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B170E131C33 for <openpgp@ietf.org>; Tue,  4 Jul 2017 02:06:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1499159172; x=1530695172; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=XG3aOOvb1yPskRVbZsMF/OnMjFDcipZlQWEmak5ifOk=; b=aJVnu3alrKFAAljHNb2MRwWQl/47NfO4OzNfE9z+1naGsqm9+GgIydVY tWEtDDGewEsx4O8kane9r6j91BwdOyRnn9K6VOKp0/S33EU99orHrnafG 8RJEmS1fwlWogQ8Wt9U/88uwpHeZ6lQKmukeuBCAWohm20fXFvRkrBnLf UwmvkuI3Y9vk5xe5wUlFXyJ6AJ7lrR+enifUcxDVTxs0cB2+fyjBy6LFH CN/senF507MGaH82H8j5FqfaWWwPLiodYnrUl10DqQwuBzyB3f5UfCWYS okHtCwbGR/Ubq+nPk5AI5kEQICu8LrueWU/EaS5DNiunB2oLvHc3ODDdu A==;
X-IronPort-AV: E=Sophos;i="5.40,307,1496059200"; d="scan'208";a="163163475"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.2 - Outgoing - Outgoing
Received: from smtp.uoa.auckland.ac.nz (HELO uxcn13-ogg-a.UoA.auckland.ac.nz) ([10.6.2.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 04 Jul 2017 21:06:10 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 4 Jul 2017 21:06:10 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92%14]) with mapi id 15.00.1263.000; Tue, 4 Jul 2017 21:06:10 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
CC: "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [FORGED] Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS8sWFHqU4dlQfBk+AeHmoJilhxqJAOpqAgAAruwCAAU95AIAAANWAgAABvwCAAAGrAIAAAZCAgAFS0DP//3FRAIAA5ATV
Date: Tue, 4 Jul 2017 09:06:09 +0000
Message-ID: <1499159166033.35059@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com> <1499140902730.13818@cs.auckland.ac.nz>, <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com>
In-Reply-To: <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/5_vV-iKMBWOQapqmUXM240Eo7FM>
Subject: Re: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 09:06:15 -0000

Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> writes:

>The most common complaint I'm hearing about OpenPGP is that it is too
>complex, as such I'm beginning to change my mind as to whether protocol
>agility is only a good thing, maybe we should work more on getting to
>consensus and reduce implementation complexity in order to make it possible
>for better auditing of implementations etc.

The easiest way to do that would be through a profile of 4880.  So instead of
opening up a giant can of worms and trying to redo 4880 itself, where everyone
will want their own favourite change applied, publish a profile of 4880 with a
standard feature set for file encryption, email encryption, signed data, and
maybe one or two other things.

For example for file encryption you might have MUST AES, MUST MDC, MUST
Iterated and Salted S2K (why do the other options even exist?), MUST either
five-octet or partial lengths... I think that's about it.  Then you can do PGP
file encryption in a pretty minimal amount of code rather than having to
include an entire protocol suite to deal with every obscure option in the
spec.

The profile option, rather than rewrite-the-RFC, is fully compatible with
existing implementations while allowing us to move forward on best-practice
mechanisms and ciphers and, above all, simplify implementation and testing.

Peter.
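
The file-encryption profile sketched in the message above, written out as a conformance check over a passphrase-encrypted OpenPGP packet stream. This is an added example, not code from the thread or from any OpenPGP implementation; packet tags and algorithm numbers are RFC 4880's, while the function names, the sample byte strings and the reading that the length rule applies to every packet header are assumptions of the example.

```python
import struct

# Identifiers from RFC 4880 (packet tags, S2K types, symmetric cipher ids).
AES_IDS = {7: "AES-128", 8: "AES-192", 9: "AES-256"}
TAG_SKESK, TAG_SED, TAG_SEIPD = 3, 9, 18      # tag 9 has no MDC, tag 18 has one
S2K_ITERATED_SALTED = 3
ALLOWED_LENGTH_FORMS = ("five-octet", "partial")  # assumption: checked on every packet


def take(buf, pos, n):
    """Return (buf[pos:pos+n], pos+n), refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated packet")
    return buf[pos:pos + n], pos + n


def read_new_length(buf, pos):
    """Decode one new-format length field -> (form, length, next_pos)."""
    raw, pos = take(buf, pos, 1)
    o1 = raw[0]
    if o1 < 192:
        return "one-octet", o1, pos
    if o1 < 224:
        raw, pos = take(buf, pos, 1)
        return "two-octet", ((o1 - 192) << 8) + raw[0] + 192, pos
    if o1 < 255:
        return "partial", 1 << (o1 & 0x1F), pos
    raw, pos = take(buf, pos, 4)
    return "five-octet", struct.unpack(">I", raw)[0], pos


def packets(buf):
    """Yield (tag, length_form_of_first_header, body) for each packet."""
    pos = 0
    while pos < len(buf):
        first = buf[pos]
        if not first & 0x80:
            raise ValueError("bit 7 of the packet tag octet is not set")
        if first & 0x40:                          # new-format header
            tag = first & 0x3F
            form, n, pos = read_new_length(buf, pos + 1)
            first_form = form
            body, pos = take(buf, pos, n)
            while form == "partial":              # further chunks follow
                form, n, pos = read_new_length(buf, pos)
                chunk, pos = take(buf, pos, n)
                body += chunk
        else:                                     # old-format header
            tag, first_form = (first >> 2) & 0x0F, "old-format"
            size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if size is None:                      # indeterminate: runs to end of input
                body, pos = buf[pos + 1:], len(buf)
            else:
                raw, pos = take(buf, pos + 1, size)
                body, pos = take(buf, pos, int.from_bytes(raw, "big"))
        yield tag, first_form, body


def check_profile(buf):
    """Return the list of profile violations; an empty list means conforming."""
    problems, seen = [], set()
    try:
        for tag, form, body in packets(buf):
            seen.add(tag)
            if form not in ALLOWED_LENGTH_FORMS:
                problems.append(f"tag {tag}: {form} length, want five-octet or partial")
            if tag == TAG_SKESK:
                if len(body) < 4 or body[0] != 4:
                    problems.append("SKESK: not a version 4 packet")
                    continue
                if body[1] not in AES_IDS:
                    problems.append(f"SKESK: cipher id {body[1]} is not AES")
                if body[2] != S2K_ITERATED_SALTED:
                    problems.append(f"SKESK: S2K type {body[2]} is not iterated and salted")
            elif tag == TAG_SED:
                problems.append("tag 9: encrypted data without MDC")
            elif tag == TAG_SEIPD and body[:1] != b"\x01":
                problems.append("SEIPD: not a version 1 packet")
    except ValueError as exc:
        problems.append(f"malformed packet stream: {exc}")
    if TAG_SKESK not in seen:
        problems.append("no SKESK packet (tag 3)")
    if not seen & {TAG_SED, TAG_SEIPD}:
        problems.append("no encrypted data packet")
    return problems


# Constructed samples: headers are well-formed, the "ciphertext" is filler bytes.
SALT = bytes(range(8))
CONFORMING = (
    bytes([0xC3, 0xFF]) + struct.pack(">I", 13)     # SKESK, five-octet length
    + bytes([4, 9, 3, 8]) + SALT + bytes([0xFF])    # v4, AES-256, S2K type 3, SHA-256
    + bytes([0xD2, 0xFF]) + struct.pack(">I", 5)    # SEIPD, five-octet length
    + bytes([1]) + bytes(4)                         # version 1 + filler
)
LEGACY = (
    bytes([0x8C, 12]) + bytes([4, 2, 1, 2]) + SALT  # old-format SKESK: 3DES, salted S2K
    + bytes([0xA4, 4]) + bytes(4)                   # old-format tag 9, no MDC
)

if __name__ == "__main__":
    for name, sample in (("conforming", CONFORMING), ("legacy", LEGACY)):
        print(name, check_profile(sample) or "OK")
```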


From nobody Tue Jul  4 02:06:38 2017
Return-Path: <kristian.fiskerstrand@sumptuouscapital.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D139E131C33 for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:06:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level: 
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sumptuouscapital-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsli8nEBK7ok for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:06:35 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FEED131B3A for <openpgp@ietf.org>; Tue,  4 Jul 2017 02:06:35 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id b207so115150709lfg.2 for <openpgp@ietf.org>; Tue, 04 Jul 2017 02:06:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sumptuouscapital-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=wRnaLPIdJuIwEKQvnilcLpxZs/02Qu7dSAjHSEcmsSs=; b=zuRFcSfH1/0dXVd+kY9FDJlDB9oXBhH/knwy60WuF5WyawHxpx8lR4s3f4TF0D075q cXisqaRxJX+NE91X8hkv/vZ6tzihoAhiA/TK7lDy5hDhWMNwscCXkO0SnGIthAqfUi8G VORMp/M4NmYEQinERLWkpstJ13oz7XhkZ2BU1UqYpqTakLuxezVSo/9WBnriEiBiy5BM ATRTv1Zo3B2hqL9ddefSaRXSHDfeaw2qLqslEtZHuCxp2jb1mgRReY/+4xPAhjKq2gCX /CbR3NH3RCn3cUth57uLF5Fo9DT/B0HM7H/7TVj0FnFRVqGQVkNhoC5tZQbwsIZwRiRO CltA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=wRnaLPIdJuIwEKQvnilcLpxZs/02Qu7dSAjHSEcmsSs=; b=H+DAwMyv2xR1DcOK56RlrnQshtWt4raW6L1+iEpH3UlvjN7ynedDXan+0mYeEVSyiG cjnCP44Ba68dphGHJwkQkMF1Z1hB6zMaE/iTLuFon1bdkBJkTSlO56e5yhAIWFaR0p2/ GHE2Koxy3XIVRIg0unt0hJ0HTF4fmjXf1yO2f7Dn2cFDP8S6iXbWFnoY+4muumY8eh6k cRmNwXUeIkR9asGCsicnn1kvzjhLM5usR31Ynvg2OqX7qba/r8gjI3BbQKMpx/wKFwjG pRxMdQc/o98IxlDf5et2bf8KdTDy0m4aNiG/i6VfRy+khFHt081KQ1kpWVK3KgXLLUPH c4AA==
X-Gm-Message-State: AKS2vOyg8Pdb8znuaMsFdA5VsIjyxq6wG6PUROPO0pQZA2Vx75uS9Rqr Lxic4tTI2BQ30A7GorbVZw==
X-Received: by 10.46.82.23 with SMTP id g23mr10278930ljb.32.1499159192979; Tue, 04 Jul 2017 02:06:32 -0700 (PDT)
Received: from [10.201.206.55] ([88.151.161.13]) by smtp.googlemail.com with ESMTPSA id h88sm3785583ljh.57.2017.07.04.02.06.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Jul 2017 02:06:31 -0700 (PDT)
To: "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org> <87o9t0sitc.fsf@wheatstone.g10code.de>
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Message-ID: <458264d0-9774-c07f-85fd-90725aa55c65@sumptuouscapital.com>
Date: Tue, 4 Jul 2017 11:06:25 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <87o9t0sitc.fsf@wheatstone.g10code.de>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="bULpsAQvoqidaP5J4WfFDjwTmpwAtJ1p2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/RY4wDmJiaEvQp6TdqfK0krVoz3M>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 09:06:38 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--bULpsAQvoqidaP5J4WfFDjwTmpwAtJ1p2
Content-Type: multipart/mixed; boundary="m9OpPRk6sdbr4MGsRttmi1MJ1vkt6f5t9";
 protected-headers="v1"
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
To: "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org
Message-ID: <458264d0-9774-c07f-85fd-90725aa55c65@sumptuouscapital.com>
Subject: Re: [openpgp] Expiration impending:
 <draft-ietf-openpgp-rfc4880bis-01.txt>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com>
 <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
 <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org>
 <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net>
 <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net>
 <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org>
 <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com>
 <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch>
 <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org>
 <87o9t0sitc.fsf@wheatstone.g10code.de>
In-Reply-To: <87o9t0sitc.fsf@wheatstone.g10code.de>

--m9OpPRk6sdbr4MGsRttmi1MJ1vkt6f5t9
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 07/04/2017 10:33 AM, Werner Koch wrote:
> On Mon,  3 Jul 2017 21:51, rjh@sixdemonbag.org said:
>
>> The latest draft minimizes (but does not eliminate) SHA-1.  3DES is
>> still a MUST-implement algorithm, and will likely be so for the ongoing
>
> The problem with TripleDES is that it is the only implicit symmetric
> algorithm preference.  This makes it hard to remove.  However there is a
> way to do that: We should define a new key flag requesting the use of
> the to-be-specified new Symmetrically Encrypted Data Packet.  That new
> data packet will require the use of a 128 bit block length algorithm and
> can also require that AESnnn is the new implicit symmetric algorithm
> preference.

Given that we're introducing a new keyblock version anyways, can't this
just be the default for v5 keys, which anyways requires updating
implementations to support? IIRC something similar is done in RFC6637
for ECC keys already.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"History is a gallery of pictures in which there are few originals and
many copies."
(Alexis de Tocqueville)


--m9OpPRk6sdbr4MGsRttmi1MJ1vkt6f5t9--

--bULpsAQvoqidaP5J4WfFDjwTmpwAtJ1p2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--bULpsAQvoqidaP5J4WfFDjwTmpwAtJ1p2--


From nobody Tue Jul  4 02:29:35 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38D04131C9A for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2avMVQH0yAVA for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:29:33 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0019131C90 for <openpgp@ietf.org>; Tue,  4 Jul 2017 02:29:32 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dSK9D-00047T-0v for <openpgp@ietf.org>; Tue, 04 Jul 2017 11:29:31 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dSK4t-0000uS-3y; Tue, 04 Jul 2017 11:25:03 +0200
From: Werner Koch <wk@gnupg.org>
To: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Cc: "Robert J. Hansen" <rjh@sixdemonbag.org>,  openpgp@ietf.org
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <f3e7ad3f-4ce1-d3fc-f2a3-2981382d6a8e@sixdemonbag.org> <87o9t0sitc.fsf@wheatstone.g10code.de> <458264d0-9774-c07f-85fd-90725aa55c65@sumptuouscapital.com>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, "Robert J. Hansen" <rjh@sixdemonbag.org>, openpgp@ietf.org
Date: Tue, 04 Jul 2017 11:25:02 +0200
In-Reply-To: <458264d0-9774-c07f-85fd-90725aa55c65@sumptuouscapital.com> (Kristian Fiskerstrand's message of "Tue, 4 Jul 2017 11:06:25 +0200")
Message-ID: <87bmp0sgep.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=freedom_Guantanamo_lock_picking_cryptanalysis_Fortezza_Commecen_AMEM"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jl70k0yic28E286bObz8kGe9xQk>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 09:29:34 -0000

--=freedom_Guantanamo_lock_picking_cryptanalysis_Fortezza_Commecen_AMEM
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue,  4 Jul 2017 11:06, kristian.fiskerstrand@sumptuouscapital.com
said:

> Given that we're introducing a new keyblock version anyways, can't this
> just be the default for v5 keys, which anyways requires updating on

Right, that would even be easier.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.

--=freedom_Guantanamo_lock_picking_cryptanalysis_Fortezza_Commecen_AMEM
Content-Type: application/pgp-signature

--=freedom_Guantanamo_lock_picking_cryptanalysis_Fortezza_Commecen_AMEM--


From nobody Tue Jul  4 02:44:35 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB0B5131CCA for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:44:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rNZFwYxVJhJC for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 02:44:32 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31927131CC8 for <openpgp@ietf.org>; Tue,  4 Jul 2017 02:44:32 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dSKNi-0004Ce-KX for <openpgp@ietf.org>; Tue, 04 Jul 2017 11:44:30 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dSKFs-0000yZ-2K; Tue, 04 Jul 2017 11:36:24 +0200
From: Werner Koch <wk@gnupg.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com> <1499140902730.13818@cs.auckland.ac.nz> <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com> <1499159166033.35059@cs.auckland.ac.nz>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
Date: Tue, 04 Jul 2017 11:36:23 +0200
In-Reply-To: <1499159166033.35059@cs.auckland.ac.nz> (Peter Gutmann's message of "Tue, 4 Jul 2017 09:06:09 +0000")
Message-ID: <877ezosfvs.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=virus_satellite_imagery_KGB_Medco_Comirex_Pine_Gap_Bletchley_Park=CN"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/G99r-A4OQxPrem-yPGJKEwbpwRQ>
Subject: Re: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 09:44:34 -0000

--=virus_satellite_imagery_KGB_Medco_Comirex_Pine_Gap_Bletchley_Park=CN
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue,  4 Jul 2017 11:06, pgut001@cs.auckland.ac.nz said:

> For example for file encryption you might have MUST AES, MUST MDC, MUST
> Iterated and Salted S2K (why do the other options even exist?), MUST either

Well we should actually have a dummy S2K for the case that you take a
full entropy passphrase from a database.  Lacking that the Simple S2K is
the next best choice.

> The profile option, rather than rewrite-the-RFC, is fully compatible with

In fact there is already a profile for Suite B in the draft (from
RFC6637).  The German spooks want their Brainpool instead.  Me and many
others would prefer Chicago curves.  Thus, do we need to change your
well-known quote to

                    You can't be a real country unless you have a beer and an
                    airline.  It helps if you have some kind of a football
                    team, or some nuclear weapons, but at the very least you
                    need a beer.
                        -- Frank Zappa
                    And an OpenPGP profile.
                        -- OpenPGP WG ?

;-)



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.

--=virus_satellite_imagery_KGB_Medco_Comirex_Pine_Gap_Bletchley_Park=CN
Content-Type: application/pgp-signature

--=virus_satellite_imagery_KGB_Medco_Comirex_Pine_Gap_Bletchley_Park=CN--


From nobody Tue Jul  4 03:15:06 2017
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 076E7131DB8 for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 03:15:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJKWTRlF59-r for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 03:15:00 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B444131D9E for <openpgp@ietf.org>; Tue,  4 Jul 2017 03:15:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1499163300; x=1530699300; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=XUseZXz4fm+Z5ceYkUADPmOLMI1p7+GBdpH1fNW0e4U=; b=KYaLqkAAR+tm83EQIPNSC4aU8BOKa+QHfPa+h4By1vGS1QFRU6C8Hi2Q l6v8gu2NNXNI38d5g9r+IesJcGD24hsp177H/R9KVYz6eVDSYYx+2gpdw YxN8/GxHw30RptWFnePRIdX5oDqik8hpmlkgIU5X3la29c1RwUll00aH/ POvmSMRLIKxQNoKv+5quzNBSZLNj+Qf6Vu1FFbjVaf1esWPQ1UrN8uXg6 XEniKLrSRxjFhBYL7TXGRdHY3Qi8p6bzJ3IFNjTnpQd0DF5lEI759pA/T YUqfBlUKDvRrkWJZhGeBuKMTAsm8FusYk/TL3VSk3+YBNmvWQzXr7eO/+ w==;
X-IronPort-AV: E=Sophos;i="5.40,307,1496059200"; d="scan'208";a="163171213"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.8 - Outgoing - Outgoing
Received: from uxcn13-ogg-e.uoa.auckland.ac.nz ([10.6.2.8]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 04 Jul 2017 22:14:57 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.28) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 4 Jul 2017 22:14:57 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::6929:c5b:e4d6:fd92%14]) with mapi id 15.00.1263.000; Tue, 4 Jul 2017 22:14:57 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Werner Koch <wk@gnupg.org>
CC: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Thread-Topic: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
Thread-Index: AQHS9Kj/eLt19W8bF067QJfpZi8XxaJDc2T0
Date: Tue, 4 Jul 2017 10:14:56 +0000
Message-ID: <1499163293852.3569@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com> <a3a82aab-a0d9-f044-21c0-26de346bf6b3@sixdemonbag.org> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com> <1499140902730.13818@cs.auckland.ac.nz> <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com> <1499159166033.35059@cs.auckland.ac.nz>, <877ezosfvs.fsf@wheatstone.g10code.de>
In-Reply-To: <877ezosfvs.fsf@wheatstone.g10code.de>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kKacs3vnE8rTZey53Gii_gG7Zc4>
Subject: Re: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 10:15:05 -0000

Werner Koch <wk@gnupg.org> writes:

>In fact there is already a profile for Suite B in the draft (from RFC6637).
>The German spooks want their Brainpool instead.  Me and many others would
>prefer Chicago curves.

The idea isn't necessarily to come up with new or alternative algorithms but
to codify current practice, where it makes sense.  So if 99% of the
implementations out there do, say, AES + x + y, then make the profile "AES + x
+ y", so that implementing just that one option is all that's required to give
you 99% coverage.

>                    And an OpenPGP profile.
>                        -- OpenPGP WG ?

Ugh, the X.509 folks already did that badly enough :-).

Peter.


From nobody Tue Jul  4 06:02:07 2017
Return-Path: <singpolyma@singpolyma.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 414EB126DD9 for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 06:02:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level: 
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=singpolyma.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3iH-kVuIyqv for <openpgp@ietfa.amsl.com>; Tue,  4 Jul 2017 06:02:03 -0700 (PDT)
Received: from singpolyma.net (singpolyma.net [192.99.233.116]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7BA5126B6D for <openpgp@ietf.org>; Tue,  4 Jul 2017 06:02:03 -0700 (PDT)
Received: from [127.0.0.1] (dhcp-108-168-20-134.cable.user.start.ca [108.168.20.134]) by singpolyma.net (Postfix) with ESMTPSA id 8202A48609EC; Tue,  4 Jul 2017 13:02:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=singpolyma.net; s=iweb; t=1499173322; bh=EMnFZopdTxaZJQNlsh/OrVKMtVs8yE1WmmECIj4YY3M=; h=Date:Subject:From:In-Reply-To:References:To:Cc:From; b=tvHNRx8L+gpkiZhAlyT6kvAkvoUkiz1Hb9zj9C4TCv4Y7bjtlocaMhEZN1QN1SGfb 60nEspI4WHPd9NSNsAo1h7v7rO+0iWhFSt01X6thqxCweh0B1QvSj2XgiUES/8DnOV h5pOslz1T/T8jutSyTqgR6shGLP+Xm3ZfNG2HaoA=
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Mailer: BlackBerry Email (10.3.3.2205)
Message-ID: <20170704130202.6111317.1128.66495@singpolyma.net>
Date: Tue, 04 Jul 2017 08:02:02 -0500
From: Stephen Paul Weber <singpolyma@singpolyma.net>
In-Reply-To: <1499159166033.35059@cs.auckland.ac.nz>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <20170702232541.t25v6mf36qnrxkex@genre.crustytoothpaste.net> <1b5da7bf-d43b-fde5-f6b6-28d9c6fd6edb@gmx.net> <94a05934-4b5c-4fb6-d127-beb0eacb47cf@sixdemonbag.org> <679411c5b2de4c308cbfbb3733c4fe54@usma1ex-dag1mb1.msg.corp.akamai.com> <9fbed93a-e4a7-3d00-1c53-ee587c2dface@o.banes.ch> <c51c709613184522815fa8838897dd2b@usma1ex-dag1mb1.msg.corp.akamai.com> <1499140902730.13818@cs.auckland.ac.nz>, <f1b3c9e5-ec8c-d4c2-2ccd-31fa65396440@sumptuouscapital.com> <1499159166033.35059@cs.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0H7wcxYAPzpPFHbVR0Zt1-P1XdM>
Subject: Re: [openpgp] [FORGED] Re: Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 13:02:05 -0000

> The easiest way to do that would be through a profile of 4880.

I started work on such a thing once:
https://github.com/singpolyma/openpgp-spec


From nobody Wed Jul 12 05:59:52 2017
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25B3113169C for <openpgp@ietfa.amsl.com>; Wed, 12 Jul 2017 05:59:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SORBS_WEB=1.5] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2vZ3sxivm6Yk for <openpgp@ietfa.amsl.com>; Wed, 12 Jul 2017 05:59:49 -0700 (PDT)
Received: from mail.mugenguild.com (mugenguild.com [5.135.189.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92CCA12EC0F for <openpgp@ietf.org>; Wed, 12 Jul 2017 05:59:48 -0700 (PDT)
Received: from localhost (office.xing.com [82.112.107.65]) by mail.mugenguild.com (Postfix) with ESMTPSA id 81CB45FAE8; Wed, 12 Jul 2017 14:59:46 +0200 (CEST)
Date: Wed, 12 Jul 2017 14:59:43 +0200
From: Vincent Breitmoser <look@my.amazin.horse>
To: Barry Leiba <barryleiba@computer.org>
Cc: IETF OpenPGP <openpgp@ietf.org>, Eric Rescorla <ekr@rtfm.com>
Message-ID: <20170712125943.rpgbrox6uuwzuf6x@calamity>
References: <149847732613.7086.8580563657011849337.idtracker@ietfa.amsl.com> <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALaySJKxWevOZYv1hOBFV-+3T=2x43vmie50t6ko2A+a-gTS_A@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/eHU12Mt0FzPDatfMCZ4vq04PJQQ>
Subject: Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2017 12:59:51 -0000

Barry Leiba(barryleiba@computer.org)@Sun, Jul 02, 2017 at 01:55:18AM +0200:
> I've CCed EKR on this by way of asking him to take action unless
> there's some immediate discussion that convinces us that what I say
> above is wrong, that there is interest, and that there will be
> progress very soon (in which case we would set an aggressive and
> firm schedule).

So...

 - V


From nobody Wed Jul 12 15:39:07 2017
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7374D1317D7 for <openpgp@ietfa.amsl.com>; Wed, 12 Jul 2017 15:39:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31aLEUvyU1Oi for <openpgp@ietfa.amsl.com>; Wed, 12 Jul 2017 15:39:04 -0700 (PDT)
Received: from castro.crustytoothpaste.net (sandals-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:3f1::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABA0612EB8C for <openpgp@ietf.org>; Wed, 12 Jul 2017 15:38:57 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 6CDC4280AD for <openpgp@ietf.org>; Wed, 12 Jul 2017 22:38:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1499899136; bh=RVKgsfBulSxYwQ5nWuRnMWLNwqpDqB0gjOO2c9ayM6o=; h=Date:From:To:Subject:From; b=PKx90SZSzbZ2n7xyCAAbiC+uoSVu0OVHMC3Uhs7W9p9G855whyHULPYnxJOfMqB6t hsvFf/70YfMe6mezIPfaLtuIXZFzMoIlo1bTl/8HaHNR0F0UIXKJn6E+I8SZMa1zqJ d3WvgD2xN6v3bykeUlQDFg7uxqaYX6qTQgu8Io5ziQDWC2weLWvLSLtce6Ah5uyu6J g3GOVB7x0+3+AOyOaEHy+K7CZ6jRqfBnQ3ePgIrylMZLPxn6WvKXT0I61uthM9AmbH 1XMD3F0VyGL1mE7u7RUrPfPgRebhi7cew3Ge0BA7+tTWmtMqnoX6dO3IL9JIB9TCJ5 7QA6AFh+Jtb12g1NnL/yf+kLefXNeUIHi6QdCQ/7Q4ATkkGqIiIjMUQaoJnQxdeLDF gQCO0GMN5fn3NUmypiPgLnN3cEgteE35HZ8TmqKRq9WqHAQV/9I07kx/M5Ki/NkS3t PoVfQZKbuu+BnetFsfKe9xE7jdGkbGdG16U+sC5n9uq2iA1Mz8w
Date: Wed, 12 Jul 2017 22:38:52 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="aw5jby5nfdmzersy"
Content-Disposition: inline
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.9.0-3-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/j4ceBkVpKBOnWs-UW8owHDn38fw>
Subject: [openpgp] Summary of WG status
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2017 22:39:06 -0000

--aw5jby5nfdmzersy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Our charter includes several goals that we should accomplish.  I'm going
to summarize where we are with each of them so we can see where we need
to make progress.

If you're going to respond to one or more of these, please respond to
each one in a separate thread so that we can have a logical set of
discussions.

CFRG Curves
-----------

We've included EdDSA with Curve25519.  I'd suggest including Curve448 as
an additional option for EdDSA.  That might necessitate including
SHAKE256 limited to this purpose only.

Curve25519 is defined for ECDH.  We probably also want to consider
Curve448.  The work needed for this purpose is probably limited to
including OIDs for the curve.

AEAD Algorithms
---------------

I've submitted a proposal to use EAX for data packets, and I'll be
sending out a new draft incorporating Werner's suggestions soon.  I'd
like additional feedback on whether participants think this is a useful
direction.

We probably also want to consider SKESK and secret key packets.

Must-Implement Algorithms
-------------------------

We've specified SHA2-256 as the MTI hash algorithm.  This seems
uncontroversial.

3DES is still the must-implement encryption algorithm.  AES128 seems
like the logical choice here, since it's already MTI because of ECDH.

I suggest that we make the AEAD mode, whatever we pick, mandatory as
well.

Remember here that these are the obligatory options.  Most
implementations will (and already do) implement far more algorithms, so
this is just a baseline for interoperability.

Fingerprint Mechanism
---------------------

This seems to be the most controversial.  Werner has a proposal which
garnered a lot of discussion.  While it's not everything I want, I'm
happy enough with it to accept it and move forward as a goal of getting
us to done.

If there are concrete counterproposals, I suggest including sufficient
wording that can be discussed and potentially included into the
document.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--aw5jby5nfdmzersy
Content-Type: application/pgp-signature; name="signature.asc"


--aw5jby5nfdmzersy--
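
Added example (not part of any message in this thread, and not code from GnuPG or the draft): a sketch of the cipher choice discussed above, where Werner Koch's message calls TripleDES the only implicit symmetric preference and the WG summary proposes AES128 as the must-implement cipher. Algorithm IDs follow RFC 4880 section 9.2; the rule that v5 keys imply AES128, the rank-sum tie-break, the sample preference lists and all function names are assumptions made for illustration.

```python
"""Added example: choosing a symmetric cipher when one algorithm is implicit."""

# Symmetric algorithm IDs from RFC 4880 section 9.2.
TRIPLE_DES, CAST5, AES128, AES192, AES256, TWOFISH = 2, 3, 7, 8, 9, 10
NAMES = {2: "TripleDES", 3: "CAST5", 7: "AES128",
         8: "AES192", 9: "AES256", 10: "Twofish"}

# v4 -> TripleDES is the RFC 4880 section 13.2 rule.  v5 -> AES128 is an
# ASSUMPTION modelling the suggestion made in this thread, not specified text.
IMPLICIT_BY_KEY_VERSION = {4: TRIPLE_DES, 5: AES128}

# Constructed sample: what the sending implementation supports, best first.
SENDER = [AES256, AES192, AES128, TWOFISH, CAST5, TRIPLE_DES]


class NoCommonCipher(Exception):
    """Raised when the recipients' effective preference lists do not intersect."""


def effective_prefs(key_version, prefs):
    """Return a recipient's list with the implicit algorithm tacitly at the end.

    prefs is the ordered list from the key's self-signature, or None when the
    key carries no preference subpacket at all.
    """
    implicit = IMPLICIT_BY_KEY_VERSION[key_version]
    ordered = []
    for algo in prefs or []:
        if algo not in ordered:          # ignore duplicates, keep first position
            ordered.append(algo)
    if implicit not in ordered:
        ordered.append(implicit)
    return ordered


def select_cipher(recipients, sender_supported):
    """Pick one cipher for all recipients.

    recipients is a list of (key_version, prefs) tuples.  Only algorithms in
    every recipient's effective list are eligible.  Among those, the lowest
    summed rank wins and ties fall back to the sender's own order (both are
    illustrative policy choices, not requirements of RFC 4880).
    """
    if not recipients:
        raise ValueError("at least one recipient is required")
    lists = [effective_prefs(version, prefs) for version, prefs in recipients]
    common = [a for a in sender_supported if all(a in lst for lst in lists)]
    if not common:
        raise NoCommonCipher("no algorithm is acceptable to every recipient")
    return min(common, key=lambda a: sum(lst.index(a) for lst in lists))


def describe(recipients):
    """Return the chosen cipher's name, or a marker when selection fails."""
    try:
        return NAMES[select_cipher(recipients, SENDER)]
    except NoCommonCipher:
        return "no common cipher"


if __name__ == "__main__":
    cases = {  # constructed recipient sets
        "two v4 keys, disjoint explicit lists":
            [(4, [AES256, AES128]), (4, [TWOFISH, CAST5])],
        "two v5 keys, disjoint explicit lists":
            [(5, [AES256]), (5, [TWOFISH])],
        "v4 + v5 keys, disjoint explicit lists":
            [(4, [AES256]), (5, [TWOFISH])],
        "v4 + v5 keys sharing AES256":
            [(4, [AES256, AES128]), (5, [AES256])],
    }
    for label, recipients in cases.items():
        print(f"{label}: {describe(recipients)}")
```

The mixed v4/v5 case is the one to watch: with a different implicit algorithm per key version, two recipients with disjoint explicit lists no longer have a guaranteed fallback.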


From nobody Thu Jul 13 00:49:50 2017
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90EEE12EC34 for <openpgp@ietfa.amsl.com>; Thu, 13 Jul 2017 00:49:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7NR1GLXfqdt for <openpgp@ietfa.amsl.com>; Thu, 13 Jul 2017 00:49:46 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91997126C83 for <openpgp@ietf.org>; Thu, 13 Jul 2017 00:49:46 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1dVYsa-0006ej-5v for <openpgp@ietf.org>; Thu, 13 Jul 2017 09:49:44 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1dVYkX-00013V-C7; Thu, 13 Jul 2017 09:41:25 +0200
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Thu, 13 Jul 2017 09:41:25 +0200
In-Reply-To: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net> (brian m. carlson's message of "Wed, 12 Jul 2017 22:38:52 +0000")
Message-ID: <877ezckcm2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=mindwar_diwn_Abbas_Syria_Ortega_M-14_USCODE_enforcers_Chobetsu=beanp"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Ue9RjlBqtqQAcjcOOxj8xXVz0fM>
Subject: Re: [openpgp] Summary of WG status
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 07:49:49 -0000

--=mindwar_diwn_Abbas_Syria_Ortega_M-14_USCODE_enforcers_Chobetsu=beanp
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 13 Jul 2017 00:38, sandals@crustytoothpaste.net said:
> Our charter includes several goals that we should accomplish.  I'm going
> to summarize where we are with each of them so we can see where we need

Thanks.  In addition there are some smaller things we need to address
but these are mostly editorial and non-controversial.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=mindwar_diwn_Abbas_Syria_Ortega_M-14_USCODE_enforcers_Chobetsu=beanp
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWWckJQAKCRD/gK6dHew1
jS5yAQCjRZ4V17Db+Dd6yNoKScadqe90J2AXSRGRmsDc+o9zBAEA4p+CXpP7yj3Y
o33/74yMxcr5t3Jg9NFNncGTszbgHwk=
=AjQC
-----END PGP SIGNATURE-----
--=mindwar_diwn_Abbas_Syria_Ortega_M-14_USCODE_enforcers_Chobetsu=beanp--


From nobody Thu Jul 13 00:54:50 2017
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Thu, 13 Jul 2017 09:47:00 +0200
In-Reply-To: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net> (brian m. carlson's message of "Wed, 12 Jul 2017 22:38:52 +0000")
Message-ID: <8737a0kccr.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=brigand_security_Semtex_electronic_surveillance_quarter_terrorist=Kh"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/K_jHVU0g5EjDA3gIG2AVOnyEcqQ>
Subject: [openpgp] Must-Implement Algorithms (was:Summary of WG status)

--=brigand_security_Semtex_electronic_surveillance_quarter_terrorist=Kh
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 13 Jul 2017 00:38, sandals@crustytoothpaste.net said:

> 3DES is still the must-implement encryption algorithm.  AES128 seems
> like the logical choice here, since it's already MTI because of ECDH.

I am fine with that choice.

There is also the suggestion to make AES-nnn mandatory and 3DES optional
when used with v5 keys.  I would be in favor of that; I don't care on
whether this is AES-128 or AES-256.

> I suggest that we make the AEAD mode, whatever we pick, mandatory as
> well.

We can only do that when used with v5 keys.  We can't do that in
general.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

--=brigand_security_Semtex_electronic_surveillance_quarter_terrorist=Kh
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTX/8BjtAoilLlm20f/gK6dHew1jQUCWWcldAAKCRD/gK6dHew1
jaXzAQDurJLuQ64GTc168QuS9QKQ81MMOXsbYSUJwyzay3PzRQD/f8DGyJ3H24Ng
vfQx8MYMA44dK2IjbVYyykUzB2Nc4Ag=
=Y92P
-----END PGP SIGNATURE-----
--=brigand_security_Semtex_electronic_surveillance_quarter_terrorist=Kh--


From nobody Thu Jul 13 17:21:04 2017
Date: Fri, 14 Jul 2017 00:20:56 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170714002055.ek6h2d42k3jht2zz@genre.crustytoothpaste.net>
References: <20170712223852.zmnvw4iwvziqsynq@genre.crustytoothpaste.net> <8737a0kccr.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rmsuvtzybi2vcynb"
Content-Disposition: inline
In-Reply-To: <8737a0kccr.fsf@wheatstone.g10code.de>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.11.0-1-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NwNYEVnrxlG_F8_QbkHUxL9cUNM>
Subject: Re: [openpgp] Must-Implement Algorithms (was:Summary of WG status)

--rmsuvtzybi2vcynb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 13, 2017 at 09:47:00AM +0200, Werner Koch wrote:
> On Thu, 13 Jul 2017 00:38, sandals@crustytoothpaste.net said:
>
> > 3DES is still the must-implement encryption algorithm.  AES128 seems
> > like the logical choice here, since it's already MTI because of ECDH.
>
> I am fine with that choice.
>
> There is also the suggestion to make AES-nnn mandatory and 3DES optional
> when used with v5 keys.  I would be in favor of that; I don't care on
> whether this is AES-128 or AES-256.

I think that's a good idea.  AES-128 seems like the obvious choice to
make MTI because of ECDH, and I anticipate almost all implementations
will support AES-256 as well.

> > I suggest that we make the AEAD mode, whatever we pick, mandatory as
> > well.
>
> We can only do that when used with v5 keys.  We can't do that in
> general.

Mandatory to implement, yes.  Mandatory to use, no.  We also have to
consider that someone might encrypt data to both v4 and v5 keys, in
which case they might have to fall back down to MDC.  We probably need a
feature flag for AEAD packets like we have with MDC.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--rmsuvtzybi2vcynb
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.21 (GNU/Linux)
-----END PGP SIGNATURE-----

--rmsuvtzybi2vcynb--


From nobody Fri Jul 21 15:22:01 2017
Date: Fri, 21 Jul 2017 22:21:50 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net>
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="oq56xcqpsg4h7xxw"
Content-Disposition: inline
In-Reply-To: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.11.0-1-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/zF1rSVjWJIwqDWkNjvFgDMaraoI>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX

--oq56xcqpsg4h7xxw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 21, 2017 at 11:43:02PM +0000, brian m. carlson wrote:
> I have a proposed pull request for a streaming AEAD encrypted data
> packet using EAX mode[0].  I will send a patch shortly.
>
> EAX is a block cipher mode combining CTR mode and OMAC.  It is similar
> to CCM and is considered secure.  It can be easily implemented securely
> in a variety of languages using the CBC and CTR modes available in most
> cryptographic libraries.

I've updated my proposal and will be sending out a series of three
patches shortly.  As Werner suggested, I've moved the IV requirements to
the mode specification and I've expanded the possible values of the
cipher type octet.

New in this proposal are patches for proposed text for a v5 SKESK packet
with AEAD and a secret key packet with AEAD.  These packets use a fixed
value of 10 for the chunk size octet (a chunk of 65536 bytes), which
essentially means that the entire encrypted data will be in one chunk,
even if we adopt post-quantum algorithms in the future.  This simplifies
implementation with a unified code path.

I welcome comments on this proposal with the goal of trying to get
consensus.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--oq56xcqpsg4h7xxw
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.21 (GNU/Linux)

-----END PGP SIGNATURE-----

--oq56xcqpsg4h7xxw--
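
Added example, not part of the original message or of the proposed draft text: the framing arithmetic of the AEAD Encrypted Data packet as worded in [PATCH 1/3] of this thread (chunk size formula, per-chunk EAX nonce, additional data, body length), with no cipher involved. The one-octet packet header 0xD2, the single empty chunk for an empty plaintext, and the chunk index used for the final tag are assumptions, because the proposed text does not fix them.

```python
"""Framing rules of the proposed AEAD Encrypted Data packet (tag 18), without a cipher."""
import struct

VERSION = 1             # only packet version the proposal defines
AEAD_EAX = 1            # AEAD algorithm ID the proposal assigns to EAX
IV_LEN = TAG_LEN = 16   # EAX: 16-octet starting IV and 16-octet tag


def chunk_size(c):
    """chunk_size = 1 << (c + 6); only the must-support octets 0..56 are accepted."""
    if not 0 <= c <= 56:
        raise ValueError("chunk size octet %d outside 0..56" % c)
    return 1 << (c + 6)


def chunk_nonce(starting_iv, index):
    """EAX nonce: starting IV with its low eight octets XORed with the chunk index."""
    if len(starting_iv) != IV_LEN:
        raise ValueError("EAX needs a 16-octet starting IV")
    low = int.from_bytes(starting_iv[8:], "big") ^ index
    return starting_iv[:8] + low.to_bytes(8, "big")


def additional_data(packet_header, cipher_algo, c, index):
    """Packet header, version, cipher, AEAD and chunk size octets, then the index."""
    fixed = bytes([VERSION, cipher_algo, AEAD_EAX, c])
    return packet_header + fixed + struct.pack(">Q", index)


def plan_packet(packet_header, cipher_algo, c, starting_iv, plaintext_len):
    """Return per-chunk nonce/AAD, the final-tag inputs and the packet body length."""
    if plaintext_len < 0:
        raise ValueError("negative plaintext length")
    size = chunk_size(c)
    # ASSUMPTION: "one or more chunks" is read as one empty chunk for empty input.
    n_chunks = max(1, -(-plaintext_len // size))
    chunks = []
    for index in range(n_chunks):
        chunks.append({
            "index": index,
            "plaintext_len": min(size, plaintext_len - index * size),
            "nonce": chunk_nonce(starting_iv, index),
            "aad": additional_data(packet_header, cipher_algo, c, index),
        })
    # ASSUMPTION: the final tag uses the index one past the last data chunk, so
    # its nonce differs from every chunk nonce. The proposal does not say this.
    final_index = n_chunks
    final = {
        "nonce": chunk_nonce(starting_iv, final_index),
        "aad": additional_data(packet_header, cipher_algo, c, final_index)
               + struct.pack(">Q", plaintext_len),   # total plaintext octets
    }
    # version + cipher + AEAD + chunk size octets, IV, chunks with tags, final tag
    body_len = 4 + IV_LEN + plaintext_len + TAG_LEN * n_chunks + TAG_LEN
    return {"chunks": chunks, "final": final, "body_len": body_len}


def nonces_unique(plan):
    """True when no nonce repeats within the packet, as EAX requires."""
    nonces = [ch["nonce"] for ch in plan["chunks"]] + [plan["final"]["nonce"]]
    return len(set(nonces)) == len(nonces)


if __name__ == "__main__":
    header = b"\xd2"          # constructed: new-format header octet for tag 18
    iv = bytes(range(16))     # constructed IV; a real one must be random
    aes128 = 7                # RFC 4880 symmetric algorithm ID for AES-128
    # Chunk size octet 10 (65536 octets): a small secret fits in one chunk.
    single = plan_packet(header, aes128, 10, iv, 1000)
    print(len(single["chunks"]), "chunk, body length", single["body_len"])
    # Chunk size octet 0 (64 octets): 150 octets split into 64 + 64 + 22.
    multi = plan_packet(header, aes128, 0, iv, 150)
    for ch in multi["chunks"]:
        print(ch["index"], ch["plaintext_len"], ch["nonce"].hex(), ch["aad"].hex())
    print("final", multi["final"]["nonce"].hex(), multi["final"]["aad"].hex())
    print("nonces unique:", nonces_unique(multi))
```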


From nobody Fri Jul 21 15:27:36 2017
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Fri, 21 Jul 2017 22:27:16 +0000
Message-Id: <20170721222718.382455-1-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.14.0.rc0.284.gd933b75aa4
In-Reply-To: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net>
References: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/93rhjbKj0BpCkCwESvjJJNn4YkU>
Subject: [openpgp] [PATCH 1/3] Add AEAD Encrypted Data Packet with EAX

---
 middle.mkd   | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 template.xml | 11 ++++++++
 2 files changed, 96 insertions(+)

diff --git a/middle.mkd b/middle.mkd
index c2447d5..166b575 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -2550,6 +2550,81 @@ packet length.  The reason for this is that the hashing rules for
 modification detection include a one-octet tag and one-octet length in
 the data hash.  While this is a bit restrictive, it reduces complexity.
 
+## {5.14} AEAD Encrypted Data Packet (Tag 18)
+
+This packet contains data encrypted with an authenticated encryption and
+additional data (AEAD) construction.  When it has been decrypted, it
+will typically contain other packets (often a Literal Data packet or
+Compressed Data packet).
+
+The body of this packet consists of:
+
+  * A one-octet version number.  The only currently defined value
+    is 1.
+
+  * A one-octet cipher algorithm.
+
+  * A one-octet AEAD algorithm.
+
+  * A one-octet chunk size.
+
+  * A starting initialization vector of size specified by the AEAD
+    algorithm.
+
+  * Encrypted data, the output of the selected symmetric-key cipher
+    operating in the given AEAD mode.
+
+  * A final, summary authentication tag for the AEAD mode.
+
+An AEAD encrypted data packet consists of one or more chunks of data.
+The plaintext of each chunk is of a size specified using the chunk size
+octet using the method specified below.
+
+The encrypted data consists of the encryption of each chunk of
+plaintext, followed immediately by the relevant authentication tag.  If
+the last chunk of plaintext is smaller than the chunk size, the
+ciphertext for that data may be shorter; it is nevertheless followed by
+a full authentication tag.
+
+For each chunk, the AEAD construction is given the packet header,
+version number, cipher algorithm octet, AEAD algorithm octet, chunk size
+octet, and an eight-octet, big-endian chunk index as additional
+data.  The index of the first chunk is zero.
+
+After the final chunk, the AEAD algorithm is used to produce a final
+authentication tag encrypting the empty string.  This AEAD instance is
+given the additional data specified above, plus an eight-octet,
+big-endian values specifying the total number of plaintext octets
+encrypted.  This allows detection of a truncated ciphertext.
+
+The chunk size octet specifies the size of chunks using the following
+formula (in C), where c is the chunk size octet:
+
+        chunk_size = ((uint64_t)1 << (c + 6))
+
+An implementation MUST support chunk size octets with values from 0
+to 56.  An implementation MAY support other chunk sizes.  Chunk size
+octets with other values are reserved for future extensions.
+
+A new random initialization vector MUST be used for each message.
+
+### {5.14.1} EAX Mode
+
+The only currently defined AEAD algorithm is EAX Mode
+[](#EAX).  This algorithm can only use block ciphers with 16-octet
+blocks.  The starting initialization vector and authentication tag are
+both 16 octets long.
+
+The starting initialization vector for this mode MUST be unique and
+unpredictable.
+
+The nonce for EAX mode is computed by treating the starting
+initialization vector as a 16-octet, big-endian value and
+exclusive-oring the low eight octets of it with the chunk index.
+
+The security of EAX requires that the nonce is never reused, hence the
+requirement that the starting initialization vector be unique.
+
 # {6}  Radix-64 Conversions
 
 As stated in the introduction, OpenPGP's underlying native
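Review bot: The final summary tag in section 5.14 has no defined chunk index or nonce. The text says the final AEAD instance "is given the additional data specified above", which includes a chunk index, and the EAX nonce in 5.14.1 is derived from that index, but nothing says which index the final tag uses. If an implementation picks the index of a real chunk, the nonce repeats, which 5.14.1 itself says EAX cannot tolerate. Suggest stating the index explicitly (for example, the number of chunks, one past the last data chunk). Two smaller points: "packet header" in the additional data should say exactly which octets are meant (the tag octet only, or the tag and length octets), and "an eight-octet, big-endian values" should read "value".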
@@ -3087,6 +3162,16 @@ require the use of SHA-1 with the exception of computing version 4 key
 fingerprints and for purposes of the MDC packet.  Implementations
 SHOULD NOT use MD5 or RIPE-MD/160.
 
+## {9.5} AEAD Algorithms
+
+       ID  Algorithm
+ --------  ---------
+        1  EAX [](#EAX)
+ 100--110  Private/Experimental algorithm
+
+Implementations MUST implement EAX.  Implementations MAY implement
+other algorithms.
+
 # {10} IANA Considerations
 
 OpenPGP is highly parameterized, and consequently there are a number
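Review bot: The new AEAD algorithm table in section 9.5 leaves ID 0 and the ranges 2 to 99 and 111 to 255 undescribed, and the patch adds nothing to section 10 for the new registry: the 85 insertions the diffstat reports for middle.mkd are all in sections 5.14 and 9.5. Suggest marking the unlisted IDs as reserved or unassigned, saying what a receiver does with an unknown AEAD algorithm ID, and adding the IANA text for the AEAD algorithm registry and for packet tag 18.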
diff --git a/template.xml b/template.xml
index 68651ba..85782ce 100644
--- a/template.xml
+++ b/template.xml
@@ -91,6 +91,17 @@
         <date></date>
         </front>
       </reference>
+
+      <reference anchor='EAX'>
+        <front>
+        <title>A Conventional Authenticated-Encryption Mode</title>
+        <author surname="Bellare" initials="M." />
+        <author surname="Rogaway" initials="P." />
+        <author surname="Wagner" initials="D." />
+        <date year="2003" month="April" />
+        </front>
+    </reference>
+
       <reference anchor='ELGAMAL'>
         <front>
         <title>A Public-Key Cryptosystem and a
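Review bot: The closing </reference> of the new EAX entry is indented four spaces while its opening tag and the neighbouring entries use six, and the entry gives only title, authors and date, with no venue or URL. Suggest fixing the indentation and adding where the paper was published so readers can locate it.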
-- 
2.14.0.rc0.284.gd933b75aa4


From nobody Fri Jul 21 15:27:43 2017
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Fri, 21 Jul 2017 22:27:18 +0000
Message-Id: <20170721222718.382455-3-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.14.0.rc0.284.gd933b75aa4
In-Reply-To: <20170721222718.382455-1-sandals@crustytoothpaste.net>
References: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> <20170721222718.382455-1-sandals@crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/lgazHb3FS1_435JqCDG1DcSdeS0>
Subject: [openpgp] [PATCH 3/3] Add AEAD mode for Secret Key Packets

---
 middle.mkd | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index 95ec44d..b1fecc1 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -356,7 +356,7 @@ unencrypted.  The MD5 hash function was always used to convert the
 passphrase to a key for the specified cipher algorithm.
 
 For compatibility, when an S2K specifier is used, the special value
-254 or 255 is stored in the position where the hash algorithm octet
+253, 254, or 255 is stored in the position where the hash algorithm octet
 would have been in the old data structure.  This is then followed
 immediately by a one-octet algorithm identifier, and then by the S2K
 specifier as encoded above.
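Review bot: Adding 253 to this sentence makes the unchanged text after it inaccurate: it still says the special value is "followed immediately by a one-octet algorithm identifier, and then by the S2K specifier", but for 253 the Secret Key packet hunk later in this patch places a one-octet AEAD algorithm between the two. Suggest describing the 253 layout separately here. The values are also written "253, 254, or 255" here and "255, 254, or 253" in the other hunks; pick one order.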
@@ -364,9 +364,9 @@ specifier as encoded above.
 Therefore, preceding the secret data there will be one of these
 possibilities:
 
-       0:           secret data is unencrypted (no passphrase)
-       255 or 254:  followed by algorithm octet and S2K specifier
-       Cipher alg:  use Simple S2K algorithm using MD5 hash
+       0:                 secret data is unencrypted (no passphrase)
+       255, 254, or 253:  followed by algorithm octet and S2K specifier
+       Cipher alg:        use Simple S2K algorithm using MD5 hash
 
 This last possibility, the cipher algorithm number with an implicit
 use of MD5 and IDEA, is provided for backward compatibility; it MAY be
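Review bot: The row "255, 254, or 253:  followed by algorithm octet and S2K specifier" groups 253 with two values that have a different layout. Suggest giving 253 its own row that names the AEAD algorithm octet, so this list of possibilities matches the packet field list.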
@@ -1960,10 +1960,13 @@ The packet contains:
   * Only for a version 5 packet, a one-octet scalar octet count of the
     next 3 optional fields.
 
-  * [Optional] If string-to-key usage octet was 255 or 254, a one-
+  * [Optional] If string-to-key usage octet was 255, 254, or 253, a one-
     octet symmetric encryption algorithm.
 
-  * [Optional] If string-to-key usage octet was 255 or 254, a
+  * [Optional] If string-to-key usage octet was 253, a one-octet AEAD
+    algorithm.
+
+  * [Optional] If string-to-key usage octet was 255, 254, or 253, a
     string-to-key specifier.  The length of the string-to-key
     specifier is implied by its type, as described above.
 
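Review bot: The context line above the new bullet still reads "octet count of the next 3 optional fields", but the AEAD algorithm bullet is inserted among those fields, so the number is no longer 3 when the string-to-key usage octet is 253. Suggest updating the count or wording it without a number, so that a parser skipping an unknown S2K by this count also covers the new octet.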
@@ -1984,8 +1987,10 @@ The packet contains:
     usage octet was 254, then a 20-octet SHA-1 hash of the
     plaintext of the algorithm-specific portion.  This checksum or
     hash is encrypted together with the algorithm-specific fields
-    (if string-to-key usage octet is not zero).  Note that for all
-    other values, a two-octet checksum is required.
+    (if string-to-key usage octet is not zero).  If the string-to-key
+    usage octet was 253, then an AEAD authentication tag is included
+    here.  Note that for all other values, a two-octet checksum is
+    required.
 
 Note that the version 5 packet format adds two count values
 to help parsing packets with unknown S2K or public key algorithms.
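Review bot: "Note that for all other values, a two-octet checksum is required" now follows the 253 sentence, so "all other values" can be read as including 254, which the text just above gives a 20-octet SHA-1 hash. Suggest listing the cases explicitly (254: SHA-1 hash; 253: AEAD authentication tag; otherwise: two-octet checksum). The new sentence should also say that the tag is not itself encrypted, unlike the checksum or hash in the sentence before it, and give its length or point to the AEAD algorithm for it.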
@@ -2009,7 +2014,12 @@ at the beginning of each new MPI value, so that the CFB block boundary
 is aligned with the start of the MPI data.
 
 With V4 and V5 keys, a simpler method is used.  All secret MPI values
-are encrypted in CFB mode, including the MPI bitcount prefix.
+are encrypted, including the MPI bitcount prefix.
+
+If the string-to-key usage octet is 253, the encrypted MPI values are
+encrypted as one combined plaintext exactly as an AEAD Encrypted Data
+packet with a chunk size octet of 10 would be.  This implicit chunk size
+octet is included in the normal calculations of additional data.
 
 The two-octet checksum that follows the algorithm-specific portion is
 the algebraic sum, mod 65536, of the plaintext of all the algorithm-
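Review bot: Dropping "in CFB mode" from "are encrypted, including the MPI bitcount prefix" leaves usage octets 254 and 255 with no stated cipher mode in this paragraph. Suggest keeping CFB for those values and adding the 253 case as the exception. For 253, "exactly as an AEAD Encrypted Data packet with a chunk size octet of 10 would be" also needs to say which packet header and version number go into the additional data for a Secret Key packet, and whether the final summary tag of that packet format is stored as well, since the packet field list mentions a single AEAD authentication tag.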
-- 
2.14.0.rc0.284.gd933b75aa4


From nobody Fri Jul 21 15:27:51 2017
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Date: Fri, 21 Jul 2017 22:27:17 +0000
Message-Id: <20170721222718.382455-2-sandals@crustytoothpaste.net>
X-Mailer: git-send-email 2.14.0.rc0.284.gd933b75aa4
In-Reply-To: <20170721222718.382455-1-sandals@crustytoothpaste.net>
References: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> <20170721222718.382455-1-sandals@crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IXq-zdBm3gEtFZpRIW5XGDL0g54>
Subject: [openpgp] [PATCH 2/3] Define AEAD mode for SKESK Packets

---
 middle.mkd | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index 166b575..95ec44d 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -1735,10 +1735,9 @@ message to be encrypted to a number of public keys, and also to one or
 more passphrases.  This packet type is new and is not generated by
 PGP 2.x or PGP 5.0.
 
-The body of this packet consists of:
+A version 4 Symmetric-Key Encrypted Session Key packet consists of:
 
-  * A one-octet version number.  The only currently defined version
-    is 4.
+  * A one-octet version number with value 4.
 
   * A one-octet number describing the symmetric algorithm used.
 
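Review bot: Removing "The only currently defined version is 4" leaves the section with no statement of which versions exist until the reader reaches the version 5 list further down. Add an introductory sentence before this list that names versions 4 and 5 as the defined ones and says what a receiver does with any other version octet.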
@@ -1766,6 +1765,28 @@ specifier MUST use a salt value, either a Salted S2K or an
 Iterated-Salted S2K.  The salt value will ensure that the decryption
 key is not repeated even if the passphrase is reused.
 
+A version 5 Symmetric-Key Encrypted Session Key packet consists of:
+
+  * A one-octet version number with value 5.
+
+  * A one-octet cipher algorithm.
+
+  * A one-octet AEAD algorithm.
+
+  * A string-to-key (S2K) specifier, length as defined above.
+
+  * A starting initialization vector of size specified by the AEAD
+    algorithm.
+
+  * The encrypted session key itself, which is decrypted with the
+    string-to-key object using the given cipher and AEAD mode.
+
+  * A final, summary authentication tag for the AEAD mode.
+
+The encrypted session key is encrypted exactly as an AEAD Encrypted Data
+packet with a chunk size octet of 10 would be.  This implicit chunk size
+octet is included in the normal calculations of additional data.
+
 ## {5.4} One-Pass Signature Packets (Tag 4)
 
 The One-Pass Signature packet precedes the signed data and contains
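Review bot: The version 5 field list does not make clear how many authentication tags the packet carries: "A final, summary authentication tag" together with "encrypted exactly as an AEAD Encrypted Data packet with a chunk size octet of 10 would be" can be read as one chunk tag plus a final tag, or as the final tag only. State the number of tags and which one the last bullet refers to. "which is decrypted with the string-to-key object" would also read better as "encrypted with the key derived from the S2K specifier", and the list should say whether the session key field may be empty.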
-- 
2.14.0.rc0.284.gd933b75aa4


From nobody Mon Jul 24 18:02:51 2017
Date: Tue, 25 Jul 2017 01:02:43 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170725010243.i2xlfgbbanmjr6g6@genre.crustytoothpaste.net>
References: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> <20170721222718.382455-1-sandals@crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lucwmxb5s77zvgwg"
Content-Disposition: inline
In-Reply-To: <20170721222718.382455-1-sandals@crustytoothpaste.net>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.11.0-1-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0Ja0p8IpCqLSb73rLZs3L9MtPN4>
Subject: Re: [openpgp] [PATCH 1/3] Add AEAD Encrypted Data Packet with EAX

--lucwmxb5s77zvgwg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 21, 2017 at 10:27:16PM +0000, brian m. carlson wrote:
> +### {5.14.1} EAX Mode
> +
> +The only currently defined AEAD algorithm is EAX Mode
> +[](#EAX).  This algorithm can only use block ciphers with 16-octet
> +blocks.  The starting initialization vector and authentication tag are
> +both 16 octets long.
> +
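Review bot: "This algorithm can only use block ciphers with 16-octet blocks" reads as a property of EAX rather than a requirement of this document, and it carries no normative keyword. Suggest wording along the lines of "EAX MUST NOT be used with a cipher whose block size is not 16 octets", plus a sentence on what a receiver does when it meets such a combination.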

I received an inquiry off-list about the limitation on 16-byte block
ciphers here.  While EAX mode does indeed support 8-byte block ciphers,
the authentication tag is limited to 64 bits.  Combined with the fact
that many implementations will use a large number of chunks for large
messages, I felt the risk of forgery was too high.

However, should the working group disagree, we can remove this language,
or it can be modified to reflect that we require it but the underlying
standard does not.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

--lucwmxb5s77zvgwg--


From nobody Tue Jul 25 12:10:12 2017
From: Werner Koch <wk@gnupg.org>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
References: <20170521234302.gb3qc66zwwchr24j@genre.crustytoothpaste.net> <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=https://k.gnupg.net/80615870F5BAD690333686D0F2AD85AC1E42B367
Mail-Followup-To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Date: Tue, 25 Jul 2017 21:03:53 +0200
In-Reply-To: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> (brian m. carlson's message of "Fri, 21 Jul 2017 22:21:50 +0000")
Message-ID: <87inig5ofa.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=munitions_ANZUS_Telex_Lexis-Nexis_eternity_server_Mafia_embassy=crac"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ci5OEKkxYPYHNBxv_iX272LCGxM>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX

--=munitions_ANZUS_Telex_Lexis-Nexis_eternity_server_Mafia_embassy=crac
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sat, 22 Jul 2017 00:21, sandals@crustytoothpaste.net said:

> I've updated my proposal and will be sending out a series of three
> patches shortly.  As Werner suggested, I've moved the IV requirements to
> the mode specification and I've expanded the possible values of the
> cipher type octet.

Thanks.  I pushed your patches so that we can use this as a starting
point.  I made two changes:

 - Assigned tag 20 for the AEAD Encrypted data packet
 - Removed a probably left-over sentence:

    An implementation MUST support chunk size octets with values from 0
    to 56.  An implementation MAY support other chunk sizes.  Chunk size
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    octets with other values are reserved for future extensions.

and also pushed this to indicate the support for AEAD

--8<---------------cut here---------------start------------->8---
@@ -1594,6 +1594,9 @@ #### {5.2.3.24} Features
=20
     0x01 - Modification Detection (packets 18 and 19)
=20
+    0x02 - AEAD Encrypted Data Packet (packet 20) and version 5
+           Symmetric-Key Encrypted Session Key Packets (packet 3)
+
 If an implementation implements any of the defined features, it SHOULD
 implement the Features subpacket, too.
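Review bot: The 0x02 line advertises which packet types a key holder accepts but not which AEAD algorithm, and that is unambiguous only while a single AEAD algorithm is defined. Either say here that setting 0x02 implies support for EAX, or note that an algorithm preference mechanism is needed once a second AEAD algorithm is assigned.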
--8<---------------cut here---------------end--------------->8---


> with AEAD and a secret key packet with AEAD.  These packets use a fixed
> value of 10 for the chunk size octet (a chunk of 65536 bytes), which

I am fine with this.

> I welcome comments on this proposal with the goal of trying to get
> consensus.

Do we have an RFC for EAX Mode?  That would make a better reference.

I think we should have a more verbose description of the AEAD chunk
construction in particular related to the use of the IV/nonce in the
chunks.



Salam-Shalom,

   Werner



p.s.
I uploaded a rendered version to https://dev.gnupg.org/F167170

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

--=munitions_ANZUS_Telex_Lexis-Nexis_eternity_server_Mafia_embassy=crac--

