Re: [openpgp] Need to publish bis-05
"brian m. carlson" <sandals@crustytoothpaste.net> Fri, 27 July 2018 20:01 UTC
Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B57B130DF5 for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2018 13:01:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bx08de3Rl2KP for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2018 13:01:10 -0700 (PDT)
Received: from injection.crustytoothpaste.net (injection.crustytoothpaste.net [192.241.140.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6CDE130DD1 for <openpgp@ietf.org>; Fri, 27 Jul 2018 13:01:10 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:f1fc:eee3:60de:bdd8]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by injection.crustytoothpaste.net (Postfix) with ESMTPSA id EA6506046C; Fri, 27 Jul 2018 20:00:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1532721638; bh=l5f9EYnCThzYm6W6pY3qFNlWGv/vtEZA8v/bcOz5F8M=; h=Date:From:To:Cc:Subject:References:Content-Type: Content-Disposition:In-Reply-To:From:Reply-To:Subject:Date:To:CC: Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References: Content-Type:Content-Disposition; b=PyQTAIMh7RWblpoYKPYqrMXnAn4lrWFx9RnSF+nBUaREz62BUmwJverzyHCk99K98 t1DKrBlnKpvmev+kKLAYq93o2GFRBh80HhCpXx8YQB2tseiZuC6RhP7MjxbiHJctnG TmmRVHSsTjW7cHIn3uS0d/M8uO4Ig+9g2fH2/E9H4fgAT9FkvylHF3jHE53NJI0Ruk bHQ3lMUiA2m/uzXIReJxY2FI9FjThhjLHBc9jClIRPyMjuRGzi4SAhpewkXYr+TDj+ RkiGU1Dh4tvIYcd/MWObemmhuACeCxOqUroUYQJhO/ayYkp82ABLCkPYCWbQ4pv1YK 4u8xeW0PVWAt8YuKtOT1PJg/Y9jql8CBlScahpusCWbyLIlPe2R1Xmq3K1/yrFC6H5 WiNlRz6ONl0ZHtj/RE9W+UuA+MUTzW7S5pReqdrSPpWGKuQwnDt7nxmQI+XLvT9NHp niGFvUBb0lSSd3IUDZ3wHyowEXmXwgCjjD7HE6rrC9rlSmxwcY5
Date: Fri, 27 Jul 2018 20:00:33 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Marcus Brinkmann <marcus.brinkmann=40ruhr-uni-bochum.de@dmarc.ietf.org>
Cc: openpgp@ietf.org
Message-ID: <20180727200033.GA376343@genre.crustytoothpaste.net>
References: <87va95f5q6.fsf@wheatstone.g10code.de> <8952ea67-4a6e-95ab-67c2-8d61c3dd2a1f@ruhr-uni-bochum.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3"
Content-Disposition: inline
In-Reply-To: <8952ea67-4a6e-95ab-67c2-8d61c3dd2a1f@ruhr-uni-bochum.de>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.17.0-1-amd64)
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Scanned-By: MIMEDefang 2.79 on 127.0.1.1
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/-8Y15-lFF6_HRWhr9JA0ns-_WaY>
Subject: Re: [openpgp] Need to publish bis-05
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 20:01:12 -0000
On Thu, Jul 26, 2018 at 11:00:21AM +0200, Marcus Brinkmann wrote:
> The new wording for the AEAD chunk size makes it logically impossible to
> write a conforming implementation that guarantees to never output or
> process unauthenticated plaintext. This is a serious security concern,
> which is addressed by state of the art standards like TLS 1.3, and for
> which there was rough consensus on this list.
>
> Here is the reason that it is impossible for conforming implementations
> to always be secure:
>
> * The draft requires implementations to support chunks up to 4 Exibyte
> ("An implementation MUST support chunk size octets with values from 0 to
> 56").
> * It is impossible to buffer 4 Exbyte on any device or system that is
> not planet-scale.
>
> Thus, any conforming implementation must have a chunk size that must be
> supported for which it can not buffer the whole chunk. For that chunk
> size, the implementation must either abort (resulting in non-conforming
> behaviour) or output unauthenticated data (resulting in non-secure
> behaviour).
>
> This is in stark contrast to the original proposal, which had valid
> chunk sizes between 64 Byte and 64 KiB, all of which can be supported
> securely on a wide range of devices. Multiple people expressed support
> for that approach.
I agree that we should lower this. I happen to think the overhead
involved in 64 KiB chunks isn't that significant, but if that's a
concern, we could raise it to 1 MiB. I'd like to point out, though,
that I suggested a smaller chunk size because that's what TLS has
traditionally done: most TLS implementations don't allow the full 16 MiB
chunk size for DoS reasons.
Even if we do allow large chunk sizes, I expect most implementations
will limit them for security and DoS reasons, in which case we'll end up
with the same effective behavior, but poorer interoperability.
On almost any reasonable system with AES acceleration, encryption
throughput is faster than disk or gigabit network, so I hardly think the
encryption overhead is painful here, even for smaller ARM systems.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
- [openpgp] Need to publish bis-05 Werner Koch
- Re: [openpgp] Need to publish bis-05 Hanno Böck
- Re: [openpgp] Need to publish bis-05 Werner Koch
- Re: [openpgp] Need to publish bis-05 Marcus Brinkmann
- Re: [openpgp] Need to publish bis-05 brian m. carlson
- Re: [openpgp] Need to publish bis-05 Benjamin Kaduk
- Re: [openpgp] Need to publish bis-05 brian m. carlson
- Re: [openpgp] Need to publish bis-05 Benjamin Kaduk