next AE cipher COLM?

Uri Blumenthal uri at
Thu May 17 16:52:37 CEST 2018

Yes I prefer GCM or OCB - both well-studied.

There's an updated RFC draft on OCB. I haven't seen yet an RFC defining how to use OCB in CMS - but technically it would be no different from GCM (just need to figure what OID to assign to it ;-).

Sent from my test iPhone

> On May 17, 2018, at 10:48, Andrew Gallagher <andrewg at> wrote:
>> On 17/05/18 14:42, Bernhard Reiter wrote:
>> Would it make sense to consider
>> COLM for being the next authenticated encryption algorithm?
> Given the shortage of manpower in the OpenPGP community, is it not more
> advisable to stick to algorithms with a few miles on the clock, such as
> GCM, even if they may not be strictly ideal? There will never be an
> ideal encryption algorithm after all, just ones with known problems and
> ones with unknown problems... ;-)
> -- 
> Andrew Gallagher
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at

More information about the Gnupg-devel mailing list