[Cryptography] [openpgp] OpenPGP SEIP downgrade attack
Watson Ladd
watsonbladd at gmail.com
Thu Oct 8 12:23:52 EDT 2015
On Oct 8, 2015 12:21 PM, "Werner Koch" <wk at gnupg.org> wrote:
>
> On Thu, 8 Oct 2015 16:59, pgut001 at cs.auckland.ac.nz said:
>
> > (It's also not clear whether someone encrypting a 10k email message
with PGP
> > is going to notice it being processed at 100MB/s or 150MB/s).
>
> I heard of backups somewhat larger than that. For mail it is anyway not a
> problem - you sign and encrypt and you are done. Not even a need for an
> MDC.
Does this provide the right agreement semantics for both sender and
recipient? It certainly doesn't solve the security issues with CFB mode.
>
> > (I actually really like OCB and don't like GCM much, but the patent
situation
> > makes it pretty problematic).
>
> Well, for the majority of uses cases there is a gratis license grant
> from Phil Rogaway for his patents.
> Further daft-zauner-tls-aes-ocb-03.txt states:
>
> 6. Intellectual Propery Rights Issues
>
> Historically OCB Mode has seen difficulty with deployment and
> standardization because of pending patents and intellectual rights
> claims on OCB itself. In preparation of this document all interested
> parties have declared they will issue IPR statements exempting use of
> OCB Mode in TLS from these claims. Specifically - OCB Mode as
> described in this document for use in TLS - is based, and strongly
> influenced, by earlier work from Charanjit Jutla on [IAPM].
>
> At IETF-93 this case was mentioned and it was suggested to ask for a
> similar licenses exception [1,2] if we consider to use OCB for OpenPGP.
>
>
> Salam-Shalom,
>
> Werner
>
>
> [1] https://datatracker.ietf.org/ipr/2647/
> [1] https://datatracker.ietf.org/ipr/2640/
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
> _______________________________________________
> openpgp mailing list
> openpgp at ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151008/386078da/attachment.html>
More information about the cryptography
mailing list