Re: [openpgp] AEAD Chunk Size

Werner Koch <wk@gnupg.org> Thu, 14 March 2019 14:10 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13383130E6F for <openpgp@ietfa.amsl.com>; Thu, 14 Mar 2019 07:10:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CHoHfPo_Tps for <openpgp@ietfa.amsl.com>; Thu, 14 Mar 2019 07:10:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3800130E6D for <openpgp@ietf.org>; Thu, 14 Mar 2019 07:10:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Zh/s+p0cR/+YH3lF1TGTsy7+E4NM6KEPCHNt7JGcmSw=; b=KJbAMI5a0nvpK9PSc1t1XeDoyU YhP3XMQCb0Rwfqto7gdiyyM7QmzoTHy6vGRxylZktsONLeVhZIVm2YeKexWvBXVJtH28Kmk7dZ1pa /RBpKv8NonWZYnqbv31oESiymHLUSgF85+w9BWATa0TWDqwtvEhU9hOMdklwwUHRRJIA=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1h4R3h-0000xW-M0 for <openpgp@ietf.org>; Thu, 14 Mar 2019 15:10:09 +0100
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1h4Qzw-0007IE-3P; Thu, 14 Mar 2019 15:06:16 +0100
From: Werner Koch <wk@gnupg.org>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: Derek Atkins <derek@ihtfp.com>, openpgp@ietf.org, Vincent Breitmoser <look@my.amazin.horse>
References: <87d0n174w6.fsf@wheatstone.g10code.de> <87mumh33nc.wl-neal@walfield.org> <3GFS71V7BTJNZ.29C5TO8OY0O44@my.amazin.horse> <sjmy35isypu.fsf@securerf.ihtfp.org> <87r2bax5u2.wl-neal@walfield.org> <sjmlg1hskdq.fsf@securerf.ihtfp.org> <87pnqtwot9.wl-neal@walfield.org>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: "Neal H. Walfield" <neal@walfield.org>, Derek Atkins <derek@ihtfp.com>, openpgp@ietf.org, Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 14 Mar 2019 15:06:15 +0100
In-Reply-To: <87pnqtwot9.wl-neal@walfield.org> (Neal H. Walfield's message of "Thu, 14 Mar 2019 14:47:14 +0100")
Message-ID: <87y35hy2i0.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Cyber_security_Human_to_Animal_Disaster_management_Radiation_Disaste"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NNYwO5Vz3mGGyIz4p3WS1kr1Xvg>
Subject: Re: [openpgp] AEAD Chunk Size
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 14:10:14 -0000

On Thu, 14 Mar 2019 14:47, neal@walfield.org said:

> Are you arguing like Werner that catching transmission errors is
> enough and that we shouldn't bother with ciphertext integrity?

I never said this.  My point was that you are discussing a certain
programming pattern on how to implement AEAD modes and I remarked that
the OpenPGP standard is about a protocol and not an implementation.

BTW, OpenPGP provides ciphertext integrity for more than 15 years.
Experience showed that transmission errors are the major cause for false
MDC triggered alarms.  We want to detect them earlier and not only at
the end of the transmission to support real world use cases.  The move
from CFB+SHA1 to OCB can also be seen in the light of required
performance improvements.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.