Re: [openpgp] Encryption and signature context parameter (Was: OpenPGP encryption block modes)
Daniel Huigens <d.huigens@protonmail.com> Thu, 18 August 2022 18:48 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73DCBC14CF1C for <openpgp@ietfa.amsl.com>; Thu, 18 Aug 2022 11:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WE03HlAZRGbj for <openpgp@ietfa.amsl.com>; Thu, 18 Aug 2022 11:48:03 -0700 (PDT)
Received: from mail-40131.protonmail.ch (mail-40131.protonmail.ch [185.70.40.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49F19C14CF0B for <openpgp@ietf.org>; Thu, 18 Aug 2022 11:48:03 -0700 (PDT)
Date: Thu, 18 Aug 2022 18:47:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1660848480; x=1661107680; bh=SYSZue+/Yh/XtaqVsS+Xl6HWJvi029fQS/codjd5EU4=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To: Feedback-ID:Message-ID; b=wmVLd87t2kUsKVmDd1j0q19kofpgx928pCIM6oYLnBpkwBhKS4vh18+b8eoQWzUHK uCyq3Aa09VwlCHbDT1yQXINzDgsJTHfXBttcTN1hqAEOneeet8fmd/r7mJYEfLIDOW HJ0/SQbqxBMRPInE1wsWeKJX+EBF39eZ/dKDJvMCiRlrbUN0+cQovHpcXKUyRFNDsr LXAWlcq2PPVKegiMiBCnZVUKmkucOJbmI3qnWNyiaHFoJ/rtWSQ9q/j4xhix8/N/MM bl+UtXa4swIuXTlsxWoK4xIMtb7iG0buRppzF6VE6HgDf30rUpbs2gXJzl7A3xZ0Ox UFnABOWtRArLA==
To: Marcus Brinkmann <marcus.brinkmann@rub.de>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: openpgp@ietf.org
Reply-To: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <foDBX2xUSvUd4BeEwZNyqSpI7BySuweSXZD7QFww4_sGWbCRdrwR_uqaQef5POcChWtRYAAYMs9_FB1uTvwTGRhqN9mOYsmfADPoWYv5PQw=@protonmail.com>
In-Reply-To: <53ECC178-1B3D-40AE-A684-6469BEBB1426@rub.de>
References: <TTJa-QE7jZWshZLtu4wDR8N6DRYsKWd1S6cV-ze8q9DVO8wzAm5T4fpIEXNsoEU2Psq2oG9HWnH_0bfbzBFVvk2ROMwPNXwlinPnnKw57pM=@protonmail.com> <53ECC178-1B3D-40AE-A684-6469BEBB1426@rub.de>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_HXGDTS7n3lXsGLJGFEHhS3MZQwF5P5u4Mydxrdc7kGE"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/SRFCHtjrYg11oGdiR1ld-vOHkKA>
Subject: Re: [openpgp] Encryption and signature context parameter (Was: OpenPGP encryption block modes)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2022 18:48:08 -0000
Hi Marcus, Thanks for the detailed response. I agree with most of what you wrote, I just have a very minor question: > Here I would suggest to add a variable length field to the AD of every chunk with a two-octet length followed by raw context parameter that would be provided upon encryption and decryption by the implementation. Is there a particular reason for the two-octet length? Can we not simply append the context to what we have now? Not that it would cost much to add a length, just checking if there's some security reason. Best, Daniel
- Re: [openpgp] Encryption and signature context pa… Daniel Huigens
- Re: [openpgp] Encryption and signature context pa… Marcus Brinkmann
- Re: [openpgp] Encryption and signature context pa… Daniel Huigens
- Re: [openpgp] Encryption and signature context pa… Marcus Brinkmann
- Re: [openpgp] Encryption and signature context pa… Daniel Huigens
- Re: [openpgp] Encryption and signature context pa… Marcus Brinkmann
- Re: [openpgp] Encryption and signature context pa… Ángel
- Re: [openpgp] Encryption and signature context pa… Daniel Kahn Gillmor
- Re: [openpgp] Encryption and signature context pa… Daniel Huigens
- Re: [openpgp] Encryption and signature context pa… Marcus Brinkmann
- Re: [openpgp] Encryption and signature context pa… Daniel Kahn Gillmor
- Re: [openpgp] Encryption and signature context pa… Michael Richardson
- Re: [openpgp] Encryption and signature context pa… Marcus Brinkmann