Beyond Curve25519

lists-gnupgdev at lists-gnupgdev at
Tue Jan 20 00:15:33 CET 2015

On Mon, 19 Jan 2015 11:02:07 +0100, Werner Koch <wk at> wrote:

> On Sun, 18 Jan 2015 23:38, rjh at said:
> > OCB is free for FOSS use, so it's no trouble for our community.
> > What's the problem with keeping the current CFB/MDC setup as a
> > MUST, add OCB as a MAY, and add a flag to prefs showing whether
> > you're capable of handling OCB traffic?
> That works for the meantime and is how we need to implement it anyway.
> But at some point we need to stop creating old data and the IETF may
> not like to make a semi-patented algorithm a MUST.  On the other hand
> migration to a new format will anyway take years and the known patents
> may have expired by then.

It would be good if we had an authenticated encryption which worked on
segments so we can actually release only authenticated data to

And while we are there, everybody seems to be happy with GCM or
CTR+HMAC modes. They might not be the most efficient, but does that
really matter for the symmetric encryption? At least it is not the next
license and patent drama (those we all love in PGP land).
