ietf-openpgp

Re: [openpgp] Proposal to include AEAD OCB mode to 4880bis

2017-10-30 14:52:51
Paul,

On Mon, October 30, 2017 3:22 pm, Paul Wouters wrote:

It was an example of how some people having IDEA and other not having it
causes interop issues to the point that I need to manually hack my
implementation to talk to those people.

Yes, and IMHO, IDEA should get added back in.  In this day and age there
is zero reason to prohibit it.

That's something you want to
avoid more than giving people a list of 6 sexy algorithms to choose
from.

Note that it's not "PEOPLE" who are choosing them, per se.  It's the
implementers, who one would think would have a better idea of what to
implement and why.

But the real point is that there are so few methods that people want to
support *IN THE PROTOCOL* that there is little reason, IMNSHO, to prevent
them from doing so in a standard way.

I don't understand that sentence.

Okay, let me try again.

How many public key methods are there?  Not many.
How many ciphers are there?   Again, not many.
Similarly, how many AEAD methods are there?   Again... not many.

Even more so, there are even fewer methods people are proposing to include
in the OpenPGP protocol than the limited number of methods that are out
there.

There are SO FEW methods that, indeed, if even one implementer wants to do
it in a standard way we should let them.

Maybe that implementer is doing something privately, but still wants to do
it in a standard way.  We should let them.

Maybe they feel that it'll be years before someone else is interested, but
they want to ensure their code written today will work down the road.   We
should let them.

In other words, we should be accepting in relinquishing protocol numbers.

Remember, just because the protocol supports a method does not mean
implementations will.

If you add things to the protocol that the vast majority will not
implement, you have lost already and that added thing becomes useless.

You've clearly never worked on (or in) a private enclave.  The IETF should
not be in the position to say that private enclaves MAY NOT exist.  But
you seem to be implying that by your stance.

Maybe the implementer who wants to add OCB doesn't care if your
implementation can read it, because your implementation is very unlikely
to ever see an OCB message.  Why do you want to say that they may not do
that (which is what you're saying by implying that your implementation
must support every feature and that the protocol may not support features
that your implementation does not support)?

But if the protocol does NOT support some methods
it might prevent some users from using the protocol.

Which is a good thing?

No.  It's not.  We should encourage people to use OpenPGP.  It's a great
protocol, and anything we do that prohibits adoption is a bad thing.

Do you think most users can make a meaningful
decision about which algorithms to trust or not and for how long?

That's irrelevant to this discussion.

The reason for a lot of variance with TLS or IKE/IPsec with protocols is
that performance does matter. For openpgp, performance hardly matters.
You're not doing 1Gbps or running on an IoT device with 32kb RAM or
require less than 25ms latency.

I'm afraid you're wrong here.  I *AM* running OpenPGP on an IoT device,
and in fact that IoT device has less than 32kB RAM.  (I'm assuming you
meant 32kB, and not 32kb == 4KB, which is exactly how much RAM my device
has).

I'm running OpenPGP specifically because the data formats are smaller and
easier to generate/parse than X.509, so I *CAN* actually run it in an IoT
device.  Of course I'm extremely limited in what methods I support, but I
happen to control both ends of the communication so I can work in an
enclave and control the implementation.

This is exactly why we should be open in what we accept.  In my case, I
don't care if your implementation does not support my methods, but I want
to ensure that I can implement my methods in a standard way such that it
won't interfere with you (and you won't interfere with me).  More so, in a
few years, my messages might escape my enclave, which is yet another
reason I'd like to do it in a standard way.

(And yes, I've moved well beyond OCB in this discussion).

Paul

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
