Beyond Curve25519

Robert J. Hansen rjh at
Sun Jan 18 23:38:26 CET 2015

> (Phil Rogaway has offered to make OCB mode freely usable for TLS, if
> he would allow it for PGP as well that would kill two birds with one
> stone since we could get rid of the MDC hack as well).

I don't see the problem.  Historically, the spec has supported software
patents by including such as MAY/SHOULD: see, e.g., RSA in RFC2440.

OCB is free for FOSS use, so it's no trouble for our community.  What's
the problem with keeping the current CFB/MDC setup as a MUST, add OCB as
a MAY, and add a flag to prefs showing whether you're capable of
handling OCB traffic?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150118/040fa08e/attachment.bin>

More information about the Gnupg-devel mailing list