
GnuPG 2.3.0: AEAD - no GCM-Mode?
Hello!
Another question: why don't you use GCM as a possible mode for AEAD? It seems to be the most common nowadays and was also implemented in S/MIME v4 to overcome efail.

Cheers
Karel

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.3.0: AEAD - no GCM-Mode?
Hi,

On Sun, Apr 11, 2021 at 10:07:08PM +0200, karel-v_g--- via Gnupg-users wrote:
>Another question: why don't you use GCM as a possible mode for AEAD?

This kind of question should rather go to the IETF OpenPGP mailing list
[1], where the OpenPGP format itself (not its implementations) is
discussed.

The option of using GCM in particular *has* been discussed, but there
was no consensus for it. If anything, there was almost a consensus
*against* GCM [2,3].


>It seems to be the most common nowadays

My understanding (from following the discussion in the WG at the time)
was that people have been using GCM mostly because they could not or did
not want to use OCB. Now that OCB is no longer encumbered by patents,
there may not be an interest in GCM anymore.

- Damien


[1] https://www.ietf.org/mailman/listinfo/openpgp
[2] https://mailarchive.ietf.org/arch/msg/openpgp/V4ND7Dcx8MG6oNnYbUntaX8cbzM/
[3] https://mailarchive.ietf.org/arch/msg/openpgp/fsxXaDD3SkZuktQ7yl22jHioDKw/