IETF Logo Mail Archive

Re: [openpgp] Need to publish bis-05

Benjamin Kaduk <kaduk@mit.edu> Fri, 27 July 2018 20:42 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB666130E2F for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2018 13:42:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sTpkDsFDrxro for <openpgp@ietfa.amsl.com>; Fri, 27 Jul 2018 13:42:24 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5790C130E10 for <openpgp@ietf.org>; Fri, 27 Jul 2018 13:42:24 -0700 (PDT)
X-AuditID: 12074424-10dff70000004129-26-5b5b83add450
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 29.A2.16681.EA38B5B5; Fri, 27 Jul 2018 16:42:22 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w6RKgKxB007560; Fri, 27 Jul 2018 16:42:20 -0400
Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w6RKgGCm003556 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 27 Jul 2018 16:42:19 -0400
Date: Fri, 27 Jul 2018 15:42:16 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
Message-ID: <20180727204216.GK12983@mit.edu>
References: <87va95f5q6.fsf@wheatstone.g10code.de> <8952ea67-4a6e-95ab-67c2-8d61c3dd2a1f@ruhr-uni-bochum.de> <20180727200033.GA376343@genre.crustytoothpaste.net> <20180727202032.GJ12983@mit.edu> <20180727203702.GB376343@genre.crustytoothpaste.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="fXStkuK2IQBfcDe+"
Content-Disposition: inline
In-Reply-To: <20180727203702.GB376343@genre.crustytoothpaste.net>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrEKsWRmVeSWpSXmKPExsUixCmqrbuuOTra4MRtNYuGfw/ZLdpm/mBy YPJYfvMvk8eSJT+ZApiiuGxSUnMyy1KL9O0SuDLmtq1iKpgmXPHl+kLmBsYZAl2MnBwSAiYS vxuWsXQxcnEICSxmkpj8czMzhLORUeLf0aVQmbNMErNfrWEFaWERUJV4fa2BEcRmE1CRaOi+ zAxiiwiYSix5v4+pi5GDg1lAROL4jlSQsLCArsSq1utgrbwCOhI77j5ghZj5n1Hizfe/UAlB iZMzn7CA2MwCZRJP729kh5gjLbH8HwdImFPAUeLqobVgq0QFlCX29h1in8AoMAtJ9ywk3bMQ uiHCWhI3/r1kwhDWlli28DUzhG0rsW7de5YFjOyrGGVTcqt0cxMzc4pTk3WLkxPz8lKLdM31 cjNL9FJTSjcxgqKA3UVlB2N3j/chRgEORiUe3gs20dFCrIllxZW5hxglOZiURHkvFACF+JLy UyozEosz4otKc1KLDzGqAO16tGH1BUYplrz8vFQlEV5hFaA63pTEyqrUonyYMmkOFiVx3rs1 4dFCAumJJanZqakFqUUwWRkODiUJ3rAmoEbBotT01Iq0zJwShDQTB+chRgkOHqDhHxtBhhcX JOYWZ6ZD5E8x6nL8eT91ErMQ2AVS4rw3QIoEQIoySvPg5oCSmkT2/ppXjOJALwrzhoOs4wEm RLhJr4CWMAEtOR4XCbKkJBEhJdXAuHaahty5O+aNEnnZV1ZX9mvEztFhjZ/e1lP2wDPpcIyd wlWvSUINn2YHLLrr6Xn9Eaf55WsnkvbeWH059KjDHZsPjK5fJsyWbRbkPC+Y9DxD6b6r5H5F 2QcH9LvXl3PEndV1fTV7/nxBVht9ndel06PXNK6XY+Fn3Oh+ocJGZqVlN9ejA43ySizFGYmG WsxFxYkAwnmWaEUDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QKCeTp-tF8UV3j2lOjCAsS-lIBM>
Subject: Re: [openpgp] Need to publish bis-05
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 20:42:26 -0000

On Fri, Jul 27, 2018 at 08:37:02PM +0000, brian m. carlson wrote:
> On Fri, Jul 27, 2018 at 03:20:32PM -0500, Benjamin Kaduk wrote:
> > On Fri, Jul 27, 2018 at 08:00:33PM +0000, brian m. carlson wrote:
> > > 
> > > I agree that we should lower this.  I happen to think the overhead
> > > involved in 64 KiB chunks isn't that significant, but if that's a
> > > concern, we could raise it to 1 MiB.  I'd like to point out, though,
> > > that I suggested a smaller chunk size because that's what TLS has
> > > traditionally done: most TLS implementations don't allow the full 16 MiB
> > > chunk size for DoS reasons.
> > 
> > Can you expound on this more?  It does not match my understanding of the
> > TLS ecosystem.  (Also, isn't it 16K?)
> 
> Ah, I believe I was misremembering.  The chunk size for encryption is
> indeed 2^14 bytes; I think I was remembering the handshake messages,
> which are 2^24 bytes.  OpenSSL at least does limit the size of the
> handshake messages, although, as you pointed out, not encrypted
> messages.

Thanks for clarifying (and looking it up!).

> Regardless, my (mistaken) impression was the reason for the original
> decision.  I think we should pick values that are safe for all
> reasonable implementations, including smaller ones, and where possible,
> be willing to see what other protocol specifiers have done and learn
> from their wisdom and mistakes.

FWIW, I agree that we should have values safe for all reasonable
implementations.

-Ben

v2.23.0 | Report a Bug | By Email