EFail mitigations for S/MIME

Werner Koch wk at gnupg.org
Thu May 17 10:20:33 CEST 2018

On Thu, 17 May 2018 02:40, rjh at sixdemonbag.org said:
> Tell it to the Working Group, please.  We don't get to write the RFC by
> ourselves.

No need to tell it the working group.  AuthEnvelopedData is specified
since 2007 along with at least 3 other RFCs with the detailed
specification of the algorithm:

  - RFC-5083 specifies the new content type
  - RFC-5084 specifies its use with AES-CCM and AES-GCM
  - RFC-6476 specifies its use with a MAC
  - RFC-8103 specifies its use with ChaCha20-Poly1305 

Because CMS has no reliable working preference system, the real
challenge is to get all major nendors to agree on one or two algorithms
and and implement them.  Due to the brittleness of all counter modes I
would go with a MAC.

Uri: Do you know an RFC specifying the use with OCB?



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/9af3da40/attachment.sig>

More information about the Gnupg-devel mailing list