Re: [openpgp] Need to publish bis-05

"brian m. carlson" <sandals@crustytoothpaste.net> Fri, 27 July 2018 20:37 UTC

Date: Fri, 27 Jul 2018 20:37:02 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: openpgp@ietf.org
Message-ID: <20180727203702.GB376343@genre.crustytoothpaste.net>
References: <87va95f5q6.fsf@wheatstone.g10code.de> <8952ea67-4a6e-95ab-67c2-8d61c3dd2a1f@ruhr-uni-bochum.de> <20180727200033.GA376343@genre.crustytoothpaste.net> <20180727202032.GJ12983@mit.edu>
In-Reply-To: <20180727202032.GJ12983@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/BED5XxkMmkVkOeCFb7AfbI-Zeg4>

On Fri, Jul 27, 2018 at 03:20:32PM -0500, Benjamin Kaduk wrote:
> On Fri, Jul 27, 2018 at 08:00:33PM +0000, brian m. carlson wrote:
> > 
> > I agree that we should lower this.  I happen to think the overhead
> > involved in 64 KiB chunks isn't that significant, but if that's a
> > concern, we could raise it to 1 MiB.  I'd like to point out, though,
> > that I suggested a smaller chunk size because that's what TLS has
> > traditionally done: most TLS implementations don't allow the full 16 MiB
> > chunk size for DoS reasons.
> 
> Can you expound on this more?  It does not match my understanding of the
> TLS ecosystem.  (Also, isn't it 16K?)

Ah, I believe I was misremembering.  The chunk size for encryption is
indeed 2^14 bytes; I think I was remembering the handshake messages,
which are 2^24 bytes.  OpenSSL at least does limit the size of the
handshake messages, although, as you pointed out, not encrypted
messages.

Regardless, my (mistaken) impression was the reason for the original
decision.  I think we should pick values that are safe for all
reasonable implementations, including smaller ones, and where possible,
be willing to see what other protocol specifiers have done and learn
from their wisdom and mistakes.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
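The DoS concern behind the chunk-size discussion above is that a decoder must refuse an oversized chunk-size field before it sizes any buffer from it, and must verify each chunk before releasing it. The following is an added illustration, not code from the thread or from any OpenPGP implementation; it assumes the 4880bis encoding of the chunk size octet c as 2^(c+6) bytes and uses an HMAC as a stand-in for the AEAD tag, in a constructed toy format.

```python
import hashlib
import hmac
import io

CHUNK_OCTET_CEILING = 10   # 2**(10+6) = 64 KiB, the size defended in the thread
TAG_LEN = 16               # constructed tag length for this toy format


def chunk_size(c: int, ceiling: int = CHUNK_OCTET_CEILING) -> int:
    """Chunk size octet c -> 2**(c+6) bytes (4880bis encoding), refused above ceiling.

    The check runs before any buffer is sized from the field, so a header
    asking for 16 MiB chunks (c == 18) cannot make a small implementation
    reserve memory it cannot afford.
    """
    if not 0 <= c <= 255:
        raise ValueError("chunk size octet must be one byte")
    if c > ceiling:
        raise ValueError(f"chunk size octet {c} above ceiling {ceiling}")
    return 1 << (c + 6)


def tag(key: bytes, index: int, chunk: bytes) -> bytes:
    # Stand-in for the per-chunk AEAD tag: HMAC over (chunk index || chunk).
    return hmac.new(key, index.to_bytes(8, "big") + chunk, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, c: int, plaintext: bytes) -> bytes:
    """Constructed sender format: c || (chunk || tag)*; only the last chunk may be short."""
    size = 1 << (c + 6)
    out = bytearray([c])
    for index, start in enumerate(range(0, len(plaintext), size)):
        chunk = plaintext[start:start + size]
        out += chunk + tag(key, index, chunk)
    return bytes(out)


def open_stream(key: bytes, stream, ceiling: int = CHUNK_OCTET_CEILING):
    """Yield verified chunks one at a time; memory held is bounded by chunk_size()."""
    head = stream.read(1)
    if len(head) != 1:
        raise ValueError("missing chunk size octet")
    size = chunk_size(head[0], ceiling)   # rejects before reading or allocating a chunk
    index = 0
    while True:
        buf = stream.read(size + TAG_LEN)
        if not buf:
            return
        if len(buf) < TAG_LEN:
            raise ValueError("truncated chunk")
        chunk, got = buf[:-TAG_LEN], buf[-TAG_LEN:]
        if not hmac.compare_digest(got, tag(key, index, chunk)):
            raise ValueError(f"bad tag on chunk {index}")
        yield chunk      # released only after its tag verified
        index += 1


def open_all(key: bytes, blob: bytes, ceiling: int = CHUNK_OCTET_CEILING) -> bytes:
    return b"".join(open_stream(key, io.BytesIO(blob), ceiling))
```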