Re: [openpgp] [PATCH 1/3] Add AEAD Encrypted Data Packet with EAX

"brian m. carlson" <sandals@crustytoothpaste.net> Tue, 25 July 2017 01:02 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 583FB128A32 for <openpgp@ietfa.amsl.com>; Mon, 24 Jul 2017 18:02:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9F99ieci-xm for <openpgp@ietfa.amsl.com>; Mon, 24 Jul 2017 18:02:48 -0700 (PDT)
Received: from castro.crustytoothpaste.net (castro.crustytoothpaste.net [75.10.60.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4DDB12702E for <openpgp@ietf.org>; Mon, 24 Jul 2017 18:02:48 -0700 (PDT)
Received: from genre.crustytoothpaste.net (unknown [IPv6:2001:470:b978:101:254c:7dd1:74c7:cde0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by castro.crustytoothpaste.net (Postfix) with ESMTPSA id 811CC280AD for <openpgp@ietf.org>; Tue, 25 Jul 2017 01:02:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=crustytoothpaste.net; s=default; t=1500944567; bh=GTNTYBsUeNXy/yM2Kn53J0FWm8MRykjuo1s+THG9IHI=; h=Date:From:To:Subject:References:In-Reply-To:From; b=AqR21YlHvHW+IJc9cmZlGFuYyxAWW/jAZxmDyOV1xy/aqIFNN9BBNmP+4O0uV1+Zk WBVXSI0ocGvw4cnsLJvhq9++GhG+ztIrwBCVgS7XWRISJbXH+HWfn5CvLujvMnvFnY UT48ScaEUt61GtrRO3EijCIO/jtBmxzM6hjXHwD1oF4XqZXISNogyKcGKcv4X8HH+U SmUY8CxRAy5U4CS2MTtPLXhg9rOcitpL9pVmbhbCy2zOc7HH0mlZvjk1rgjWaRNONY IBg9Of5b6EKLxITbaGovklVr6/NVD01ksrG0Ri2RRe1QBxmkcUQ8jfSJfKj3sXmpZr 7u74UdXkRnefMgVAlh1FL+Z2S0D8Y88TLLnWpuLrasPuODyQrQmEj9j+hYS1t3zxeg ssLyoY8Y/6om9ZRnvEyAEpOMIa5d0rtbeJ8rJ90iA0KRFou7X4SR67O3P1XHpZCt5T YCbng1851tYRh4OC9QSE/feHlVZHv3TLAr+iIS9zBtXYv3dMWF1
Date: Tue, 25 Jul 2017 01:02:43 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20170725010243.i2xlfgbbanmjr6g6@genre.crustytoothpaste.net>
References: <20170721222149.po4xohnzzdhlegcb@genre.crustytoothpaste.net> <20170721222718.382455-1-sandals@crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lucwmxb5s77zvgwg"
Content-Disposition: inline
In-Reply-To: <20170721222718.382455-1-sandals@crustytoothpaste.net>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.11.0-1-amd64)
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0Ja0p8IpCqLSb73rLZs3L9MtPN4>
Subject: Re: [openpgp] [PATCH 1/3] Add AEAD Encrypted Data Packet with EAX
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jul 2017 01:02:50 -0000

On Fri, Jul 21, 2017 at 10:27:16PM +0000, brian m. carlson wrote:
> +### {5.14.1} EAX Mode
> +
> +The only currently defined AEAD algorithm is EAX Mode
> +[](#EAX).  This algorithm can only use block ciphers with 16-octet
> +blocks.  The starting initialization vector and authentication tag are
> +both 16 octets long.
> +

I received an inquiry off-list about the limitation on 16-byte block
ciphers here.  While EAX mode does indeed support 8-byte block ciphers,
the authentication tag is limited to 64 bits.  Combined with the fact
that many implementations will use a large number of chunks for large
messages, I felt the risk of forgery was too high.

However, should the working group disagree, we can remove this language,
or it can be modified to reflect that we require it but the underlying
standard does not.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204