From nobody Wed Nov 1 07:36:38 2017 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF4BE13FC37 for ; Wed, 1 Nov 2017 07:36:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.989 X-Spam-Level: X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TxB-SFBZzvsy for ; Wed, 1 Nov 2017 07:36:34 -0700 (PDT) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0420C13FC55 for ; Wed, 1 Nov 2017 07:36:34 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 99418E2065; Wed, 1 Nov 2017 10:36:02 -0400 (EDT) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 28258-09; Wed, 1 Nov 2017 10:36:00 -0400 (EDT) Received: from securerf.ihtfp.org (unknown [IPv6:fe80::530:248d:f760:bb62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 1BE65E2038; Wed, 1 Nov 2017 10:36:00 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1509546960; bh=LVsjDEi+AAgH8KRUKhi9eStMQZqIUWXpKHpgzCvlXW0=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=JrQFOCMqXYCNVCTlc/0qmrJe70vwcvM9WtOHcNLRBPwNj8GB9/9RBkwmHh3B9gwZq LfDACWAbPs3WYM85oam7I7M4whs68xkS0JNnFUgX+MZDGlJE648JkcLh3sJIhpjlGs FFhrjRLyHEeNr0RSgVui4PMdGpIeEGFBe3WgurA0= Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.15.2/Submit) id vA1EZxm5024807; Wed, 1 Nov 2017 10:35:59 -0400 From: Derek Atkins To: "brian m. carlson" Cc: Ronald Tse , "openpgp\@ietf.org" References: <1508981649515.71466@cs.auckland.ac.nz> <07C9EFDF-C8C2-4433-A9F9-DC3D7AFD5499@ribose.com> <6AC83857-62D9-45DF-9DAE-928CF0E45A96@nohats.ca> <87she556tv.fsf@wheatstone.g10code.de> <1509093954061.51049@cs.auckland.ac.nz> <36023233-856C-4A6D-BAF9-28037B4DA0F7@ribose.com> <20171028003345.6y5igwx5cuxfxlkm@genre.crustytoothpaste.net> <87o9onz5ig.fsf@wheatstone.g10code.de> <20171101002627.re4cgtirwoijyg53@genre.crustytoothpaste.net> Date: Wed, 01 Nov 2017 10:35:59 -0400 In-Reply-To: <20171101002627.re4cgtirwoijyg53@genre.crustytoothpaste.net> (brian m. carlson's message of "Wed, 1 Nov 2017 00:26:28 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Nov 2017 14:36:37 -0000 "brian m. carlson" writes: > On Tue, Oct 31, 2017 at 04:44:23PM +0100, Werner Koch wrote: >> > I remain wholly opposed to including OCB in the OpenPGP specification, >> >> Do you prefer that we put a "2 - reserved for OCB" into the specs and >> have an I-D to specify the oue of OCB in OpenPGP? This would make the >> life for implementors and auditors harder. > > Yes, I would much prefer that we let OCB happen in a separate draft. > Then all the patent problems occur in a separate specification that > doesn't affect the core OpenPGP. I don't think you understand the relationship between the specification and IP. Specifically, whether OCB is in the main spec or a secondard spec does not affect any IP/patent "problems". Put another way, IP/patent "problems" occur for anyone who wants to implement OCB, regardless of where it is specified. However having it in the main draft makes it easier to implement and audit, as Werner suggested. The more places you have to reference, the more likely you'll make a mistake. Note that just because OCB is in the spec does not mean you must implement it -- it's not going in as a MUST. If you don't implement it, then there is no IP/patent worry on your part. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From nobody Wed Nov 1 17:00:59 2017 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EB4C13F816 for ; Wed, 1 Nov 2017 17:00:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6FQc_0luPEpD for ; Wed, 1 Nov 2017 17:00:54 -0700 (PDT) Received: from injection.crustytoothpaste.net (injection.crustytoothpaste.net [192.241.140.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CA7013942C for ; Wed, 1 Nov 2017 17:00:54 -0700 (PDT) Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by injection.crustytoothpaste.net (Postfix) with ESMTPSA id 0094560475; Thu, 2 Nov 2017 00:00:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1509580821; bh=CttYPMXYsBnfnYGp9sY6likILZetH2erKagUQD6HxxM=; h=Date:From:To:Cc:Subject:References:Content-Type: Content-Disposition:In-Reply-To:From:Reply-To:Subject:Date:To:CC: Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References: Content-Type:Content-Disposition; b=D4L3ch3OVJ3YVtY8mD/BjOA8/URLE2r7JwtFDCmx0QfZuSU/pH7Qv5sji+IKNDPp3 bcgScU29d3jDbRtxYPjpzK8CeIZlrU/UvhGkZ5bYg+18eeJLyaWzjoZ2F/lsxHBl8l aXTw27n2WgYL7joC1Y77ekiOjBROv/E7+RQNkqMn3hiTwpTblpgIlLFduNV77zZzlC ++P1oXL/xhH1fL8CFHA9SVKtmJYDp0wjgs4A2pTZNNuX1ofu059AVi0eJtM9B8Wc7g RwaXIngZWlDE3TCUJ7qiMyILQwEY/37m6j4drf3wjzoZx5R2+3Cp9NBTPG2fR8aaOI aklsr/e7QpcAIe6bOVFSqzK1zCUvsSWeFDAmzUKB3gtiiSgJZ3LjgrgfK7viP5zhwj E8+QI7BgvjBx+jxItGcc3PsrSrsInPc8irCpr537g/AAc2/Cm9XsYj/3AhR4+Vqvjh HZpyweniuwxfsuiKRBqB7MNME0YCiSr8cS7YXR7LNbdvRi1Ia2A Date: Thu, 2 Nov 2017 00:00:16 +0000 From: "brian m. carlson" To: Derek Atkins Cc: Ronald Tse , "openpgp@ietf.org" Message-ID: <20171102000015.ui5welxfxxzuhecz@genre.crustytoothpaste.net> References: <1508981649515.71466@cs.auckland.ac.nz> <07C9EFDF-C8C2-4433-A9F9-DC3D7AFD5499@ribose.com> <6AC83857-62D9-45DF-9DAE-928CF0E45A96@nohats.ca> <87she556tv.fsf@wheatstone.g10code.de> <1509093954061.51049@cs.auckland.ac.nz> <36023233-856C-4A6D-BAF9-28037B4DA0F7@ribose.com> <20171028003345.6y5igwx5cuxfxlkm@genre.crustytoothpaste.net> <87o9onz5ig.fsf@wheatstone.g10code.de> <20171101002627.re4cgtirwoijyg53@genre.crustytoothpaste.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xwiu3tcbhytecxll" Content-Disposition: inline In-Reply-To: X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.13.0-1-amd64) User-Agent: NeoMutt/20170609 (1.8.3) X-Scanned-By: MIMEDefang 2.79 on 127.0.1.1 Archived-At: Subject: Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Nov 2017 00:00:57 -0000 --xwiu3tcbhytecxll Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 01, 2017 at 10:35:59AM -0400, Derek Atkins wrote: > "brian m. carlson" writes: > > Yes, I would much prefer that we let OCB happen in a separate draft. > > Then all the patent problems occur in a separate specification that > > doesn't affect the core OpenPGP. >=20 > I don't think you understand the relationship between the specification > and IP. Specifically, whether OCB is in the main spec or a secondard > spec does not affect any IP/patent "problems". Put another way, > IP/patent "problems" occur for anyone who wants to implement OCB, > regardless of where it is specified. However having it in the main > draft makes it easier to implement and audit, as Werner suggested. The > more places you have to reference, the more likely you'll make a > mistake. No, I completely understand it. I strongly feel that OCB doesn't belong in the main draft so we have a simple, complete, unencumbered spec. Then it's very easy to avoid all the uncertainty (and there is a lot) on OCB by simply not implementing the additional spec. People can implement the entire main RFC without having to even think about patents, and that's valuable. Otherwise, people have to end up explaining that yes, we implement the spec, but no, we don't implement the patented parts, and that the spec is implementable without the patented parts, and so on and so forth. I anticipate that this is a conversation that numerous people, not just me, are going to have with company lawyers. I strongly believe that our spec should be unencumbered. I am still strongly opposed to OCB because it's patented, but if it lives in a separate spec, it's easy enough to just say, "Don't implement that RFC." --=20 brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204 --xwiu3tcbhytecxll Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.2.1 (GNU/Linux) iQIzBAABCgAdFiEEX8OngXdrJt+H9ww3v1NdgR9S9osFAln6YA8ACgkQv1NdgR9S 9ovQrBAAiZ/boOTvJrjGfI2Eq6k/j7qFUfa6WvO++wSLgYNmLw6vk/G4B8+dS8Pt Xe6ifu8wbjTseXla5GNiICTqiC3YoluRWtyPAu9y3XNq6iNlLDUjIJPRXsVg2Bea Dvp8q4OQnMeUHe43eFohxjZcACeTob1Ls5PSpvJwEiq7l1Pkt1dBkpFyK+OrJTF8 biG5MYi2OqNX7aJGmKcFWQdi5R0OOGgTNr8H3x1YUIhlEcImMVAGLgRG7t6JI/1X cWyulmlIu58TElnp6wh2AqQCr6rAe89yNh1BF0TvbTpCKuJOP9/ax1FC9iywCCbI z/rN8cMoccF7zLaHAuKsS8KQeuvKQjOQRql/IYpX75Jny9Bc0S6hAlBApIwhSPut HmDfZKXJYfq7HGdDyU912HuWRF5xgZusGiM3ciKpi5MICQzG/N6ScAQ4Kl3kIuKA m2hMbHNCc92AScaU3TQPlGIDj9MagwKZDezHH+tMHVBj9LlwvUeTfVJx1uEUQ7OI 91xSnXA91+FpzpzU5Z7BLgeRErD8lK/5dilAex/8PyPTNWoV6Uok5GeK8OnGGjvL TDcYmRcvP57x9+5w0IciJLvXiv9eg94IUvuyhBQFc/yy5I+3JYgdwKz9NaKtKTO0 XsIyKPGkGVm9O/BqeTTKWTFGsR53YJ6tKGMtw1AcVHwBylyt0j4= =PMFI -----END PGP SIGNATURE----- --xwiu3tcbhytecxll-- From nobody Sat Nov 11 18:28:04 2017 Return-Path: X-Original-To: openpgp@ietf.org Delivered-To: openpgp@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D75B1124BFA; Sat, 11 Nov 2017 18:27:55 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IESG Secretary To: "IETF Announcement List" Cc: barryleiba@computer.org, dkg@fifthhorseman.net, openpgp@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.65.1 Auto-Submitted: auto-generated Precedence: bulk Reply-To: ietf@ietf.org Message-ID: <151045367583.30902.9991656904942203431.idtracker@ietfa.amsl.com> Date: Sat, 11 Nov 2017 18:27:55 -0800 Archived-At: Subject: [openpgp] WG Action: Conclusion of Open Specification for Pretty Good Privacy (openpgp) X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.22 List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2017 02:27:56 -0000 The Open Specification for Pretty Good Privacy (openpgp) WG in the Security Area has concluded. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. The Chairs and the AD have concluded that there is not sufficient interest to successfully complete the work of the working group. The mailing list will remain open.