[openpgp] Re: session key length with SEIPDv2
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 04 October 2024 17:24 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DD48C14EB1E for <openpgp@ietfa.amsl.com>; Fri, 4 Oct 2024 10:24:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.312
X-Spam-Level:
X-Spam-Status: No, score=-1.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="iZy2inaF"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="fWhLY0zM"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q4lXByFZUihJ for <openpgp@ietfa.amsl.com>; Fri, 4 Oct 2024 10:24:34 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FDACC14F60A for <openpgp@ietf.org>; Fri, 4 Oct 2024 10:24:33 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1728062672; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=gHPwWgWafZBkaCYcurYpN7hLGtde381XXuMxM9UeFTk=; b=iZy2inaFHqtLHW0gEh9MzhhH7i5p3PzyralT67BwQo1V9Rp/mq9TDT1sscAsto7mj2eEI 80Qix+3o9c90LjlAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1728062672; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=gHPwWgWafZBkaCYcurYpN7hLGtde381XXuMxM9UeFTk=; b=fWhLY0zM9yHTLuMvRP1FBfXIPabgwZpqO7z4+if+Wg9bL5Bdb2QbJyinwid0qrP2mj1+k hJAhEaMpm4sgOu3XRkkYhqZ+Yg66NAxHNXXprB0GvG6vQ5C3M+COZjZigmicS68WjrgZk93 yKnsBFKZ4DqyKyU2g0tzoMpnsex8xM2vDN3dP+kP7hAzP2976MwqaGKpuudG4FTGLj0twHM 82kU+pXUCk4tAsbXGAxGopTK5kHz5IF/OHALLLEDJO6KumiLl71a3b2DLmSywraX6jogNi/ nd3VeWkJ4zzZtcymbXTVXeoPLjkdEfV5CbSkkGsIweNi2HxU8XZqK6IuJTfQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id A54C5F9B1 for <openpgp@ietf.org>; Fri, 4 Oct 2024 13:24:32 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 4A4B113F688; Fri, 04 Oct 2024 13:12:46 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <HvPoeoRKHGaIbIcV2cwKvnY8uVH6UqJ2PUAlBu1AFmyr6plq6RNUGqQNKZE9RllDHSdDsmuPmTJeP-BX93cALBiNITsIg40HMFPPcy3Z_dQ=@protonmail.com>
References: <93b25cce-e9f7-40a7-881f-b81e3033e7b7@posteo.de> <HvPoeoRKHGaIbIcV2cwKvnY8uVH6UqJ2PUAlBu1AFmyr6plq6RNUGqQNKZE9RllDHSdDsmuPmTJeP-BX93cALBiNITsIg40HMFPPcy3Z_dQ=@protonmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Fri, 04 Oct 2024 13:12:45 -0400
Message-ID: <87o73z7pwy.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Message-ID-Hash: RT5SXKIB2VPL7OBBKF3ZH2AGX6QGGJQ3
X-Message-ID-Hash: RT5SXKIB2VPL7OBBKF3ZH2AGX6QGGJQ3
X-MailFrom: dkg@fifthhorseman.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [openpgp] Re: session key length with SEIPDv2
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/90sfPynqOskB1kTslUeK7lmcTZA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Thanks Heiko for raising this, and thanks Daniel for commenting on it. I agree it is a disappointing oversight that we didn't explicitly specify the length of the session key for SEIPD v2. I also think that no one implementing this is likely to just pick an arbitrary size. On Mon 2024-09-23 23:14:24 +0000, Daniel Huigens wrote: > If others (e.g. the chairs) agree that we should file an erratum for this, > I would tend to keep it simple and just say in Section 5.1 and 5.3 that: > > The length of the session key MUST be the key size of the > symmetric algorithm used in the encryption container. Sure, this covers the producer guidance neatly. But I don't think the consumer guidance is trivially inferrable from the above statement. Should it fail to decrypt if it doesn't match? What if it's *larger* than the key size of the symmetric algorithm? what if it's half the size? This might be resolvable with another single sentence (i'd love to hear proposals), but leaving consumer guidance implicit seems like it is the core of the original omission. If we're going to fix this (and i think we should), we should fix it fully. I don't know whether such a normative fix is doable in errata, or whether we need some additional machinery. --dkg
- [openpgp] session key length with SEIPDv2 Heiko Schäfer
- [openpgp] Re: session key length with SEIPDv2 Daniel Huigens
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Daniel Huigens
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Falko Strenzke
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Falko Strenzke
- [openpgp] Re: session key length with SEIPDv2 Justus Winter
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor
- [openpgp] Re: session key length with SEIPDv2 Daniel Kahn Gillmor