Hi, On Sun, Apr 11, 2021 at 10:07:08PM +0200, karel-v_g--- via Gnupg-users wrote:
Another question: why donˋt you use GCM as a possible mode for AEAD?
This kind of questions should rather go to the IETF OpenPGP mailing list [1], where the OpenPGP format iself (not its implementations) is discussed.
The option of using GCM in particular *has* been discussed, but there was no consensus for it. If anything, there was almost a consensus *against* GCM [2,3].
It seems to be the most common nowadays
My understanding (from following the discussion in the WG at the time) was that people have been using GCM mostly because they could not or did not want to use OCB. Now that OCB is no longer encumbered by patents, there may not be an interest in GCM anymore.
- Damien [1] https://www.ietf.org/mailman/listinfo/openpgp[2] https://mailarchive.ietf.org/arch/msg/openpgp/V4ND7Dcx8MG6oNnYbUntaX8cbzM/ [3] https://mailarchive.ietf.org/arch/msg/openpgp/fsxXaDD3SkZuktQ7yl22jHioDKw/
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
