Re: [openpgp] Need to publish bis-05
Hanno Böck <hanno@hboeck.de> Tue, 24 July 2018 11:57 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39163130E63 for <openpgp@ietfa.amsl.com>; Tue, 24 Jul 2018 04:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.621
X-Spam-Level:
X-Spam-Status: No, score=-1.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6p0GR3BaShEc for <openpgp@ietfa.amsl.com>; Tue, 24 Jul 2018 04:57:43 -0700 (PDT)
Received: from zucker2.schokokeks.org (zucker2.schokokeks.org [178.63.68.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29C281292AD for <openpgp@ietf.org>; Tue, 24 Jul 2018 04:57:42 -0700 (PDT)
Received: from computer ([2001:2012:127:3e00:ff5e:3a82:43d7:a6d6]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 256bits, ECDHE-RSA-AES256-GCM-SHA384) by zucker.schokokeks.org with ESMTPSA; Tue, 24 Jul 2018 13:57:40 +0200 id 000000000000012C.000000005B571434.000027BA
Date: Tue, 24 Jul 2018 13:57:44 +0200
From: Hanno Böck <hanno@hboeck.de>
To: openpgp@ietf.org
Message-ID: <20180724135744.6972c8d3@computer>
In-Reply-To: <87va95f5q6.fsf@wheatstone.g10code.de>
References: <87va95f5q6.fsf@wheatstone.g10code.de>
X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-10170-1532433460-0001-2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/KXM9nqbhkn3ELTznP6YBQhEipC0>
Subject: Re: [openpgp] Need to publish bis-05
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jul 2018 11:57:47 -0000
Hi, On Tue, 24 Jul 2018 09:33:21 +0200 Werner Koch <wk@gnupg.org> wrote: > ** Limit the chunk size of AEAD packets: > > An implementation MUST support chunk size octets with values from 0 > to 56. Chunk size octets with other values are reserved for future > + extensions. Implementations SHOULD NOT create data with a chunk > size > + octet value larger than 21 (128 MiB chunks) to facilitate buffering > of > + not yet authenticated plaintext. This does not seem to reflect the lessons to be learned from efail. I think it is very important to hard-restrict the chunk size to a manageable size, also manageable for small devices (i.e. even 128 mb is far too much), so that authenticating before any output is produced is always feasible. I.e. I propose to change it to a MUST NOT and to have a smaller maximum chunk size (I think something in the kilobyte range is a good choice). -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
- [openpgp] Need to publish bis-05 Werner Koch
- Re: [openpgp] Need to publish bis-05 Hanno Böck
- Re: [openpgp] Need to publish bis-05 Werner Koch
- Re: [openpgp] Need to publish bis-05 Marcus Brinkmann
- Re: [openpgp] Need to publish bis-05 brian m. carlson
- Re: [openpgp] Need to publish bis-05 Benjamin Kaduk
- Re: [openpgp] Need to publish bis-05 brian m. carlson
- Re: [openpgp] Need to publish bis-05 Benjamin Kaduk