[Openpgp-dt] Design Team Meeting minutes 2021-08-20
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 20 August 2021 17:04 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp-dt@ietfa.amsl.com
Delivered-To: openpgp-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60D1A3A1654 for <openpgp-dt@ietfa.amsl.com>; Fri, 20 Aug 2021 10:04:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=aZpo9cdF; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=LDA5i5YC
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id naIAVYQ3fgDx for <openpgp-dt@ietfa.amsl.com>; Fri, 20 Aug 2021 10:04:49 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 975633A164F for <openpgp-dt@ietf.org>; Fri, 20 Aug 2021 10:04:49 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1629479087; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=Gf5AYmOY8Lb2alXq9uYOJkixbaqUPy8V3cOZSqhcQRU=; b=aZpo9cdFEODPuGRGsn8AxvNrgNQ6g7GfFzErXOY6CKrDEisOfoTZ2Te0dtk8TIPq1XxGQ kffRLO96q/ueuO/CA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1629479087; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=Gf5AYmOY8Lb2alXq9uYOJkixbaqUPy8V3cOZSqhcQRU=; b=LDA5i5YCSZ1K83ntepnjYCf+F2XoCYHOzv6EprXVoOGjdBYOGhnohq7EDY2SSK82qe/fz ZQhkcpKmpJcQPWGMiwVPMqhWDrRPf3xU+JoHMSLhfhuZ3vwlMm3XczcA7bm42ZLE1hf1hqL PTJE+S0loAN7ls20bsnq3TZnjPUUNKQsjWIWEwiTXOkhN4xxbRWnLMuUkdXl+tOGO1XM3aK 75DhKzGBNC8zCOmjJVO+0fszxUPr3/n9cBneHjl+AbYtcmZ7zYNB82itS6cDo/mnF4gF9H9 jMlNHE0QpllLIk/OXH3H2bP5tY/okX1/bEhgdWfkRailxqWOWYw2VVPBqeMg==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 65E80F9A5 for <openpgp-dt@ietf.org>; Fri, 20 Aug 2021 13:04:47 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 53F08203AB; Fri, 20 Aug 2021 13:04:43 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp-dt@ietf.org
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Fri, 20 Aug 2021 13:04:41 -0400
Message-ID: <878s0wm4ie.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp-dt/UFQCaxFlW4ga_KnDiGSJVsEYTW0>
Subject: [Openpgp-dt] Design Team Meeting minutes 2021-08-20
X-BeenThere: openpgp-dt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenPGP working group design team <openpgp-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp-dt>, <mailto:openpgp-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp-dt/>
List-Post: <mailto:openpgp-dt@ietf.org>
List-Help: <mailto:openpgp-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp-dt>, <mailto:openpgp-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Aug 2021 17:04:56 -0000
# Notes from OpenPGP Design Team Meeting 2021-08-20
Attending:
* dkg (taking notes)
* jeffrey lau
* daniel huigens
* paul wouters
* justus winter
!56 discussion rises again: chunk sizes for AEAD
The group on the call agrees with Werner's framing in MR 56, but
changing the final SHOULD NOT to a MUST NOT, in line with what Werner
proposed in the previous call. Paul will make a commit with that
change.
Given that decision, a final discussion remains about how
implementations should *process* an AEAD packet with a chunk size
octet > 16:
Options identified:
* chunk sizes > 16 are explicitly Reserved
* explicitly say MUST NOT process
* say nothing
* explicitly say SHOULD NOT process
* explicitly say MAY process
On the call, there was a rough consensus around either MUST NOT or
Reserved, with Paul being willing to stand aside.
Huigens pointed out that values above 56 are reserved right now. if we
change the leading text, that reservation might apply to things above 16
instead. So if the updated text implies that above 16 is reserved, we
may not need any other changes. That is, "say nothing" has the same
effect as "explicitly Reserved". If the revised text leaves it that
way, we may prefer the "say nothing" approach.
Concerns raised about permitting processing of larger chunk sizes:
* chunk size is attacker-controlled value that might implicate memory
allocation -- it is very difficult to reason about memory allocation
from the application's point of view (justus)
* combinatorial explosion between different parameters that need
testing (justus)
* implementations faced with chunk sizes larger than they can process
are pressured to release unauthenticated data (before they've
validated the authentication tag) (huigens)
* having more chunks in a ciphertext means you can parallelize the
processing better (huigens)
Concerns about limiting processing of larger chunk sizes (from Paul):
* making decisions based on future hardware assumptions without strong
need to place limit currently might negatively impact future
interoperability
* with IPSec, everything has to go through one CPU, because no one
thought about that as an issue -- we don't know what we'll encounter
in the future, better in general to leave more flexibility and less
constraint.
ways to fix problems that we run into in the future if we decide we want
to encourage production of larger chunk sizes:
* new AEAD version number (justus)
* come up with a new packet entirely (justus)
* signalling mechanism for support from readers (dkg)
# Next Week
Huigens wants to talk about curve448:
* format/structure: same as 25519 vs distinct
* please review MR 61 before next week as preparation
Justus wants to talk about v5 key format
* please review issue 43 as prep
- [Openpgp-dt] Design Team Meeting minutes 2021-08-… Daniel Kahn Gillmor