Re: [openpgp] AEAD Chunk Size
Ronald Tse <tse@ribose.com> Thu, 28 February 2019 00:35 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Te9BLOUT6QCv3hUOCSXDTMJ_A6A>

And thanks Neal for the suggestion!

_____________________________________
Ronald Tse
Ribose Inc.

> On Feb 28, 2019, at 8:03 AM, Jon Callas <joncallas=40icloud.com@dmarc.ietf.org> wrote:
>
>> On Feb 27, 2019, at 3:00 PM, Bart Butler <bartbutler@protonmail.com> wrote:
>>
>> Hi Jon,
>>
>> Do I understand correctly that you oppose shrinking the allowable range with MUST at all too? I think the argument for this is fairly convincing from a usage perspective to ensure that someone decrypting a large message is not obligated to download a huge amount of data before finding out that it is corrupted or otherwise has been tampered with. Likewise, we had to address unanticipated performance issues in OpenPGP.js with very small chunks which could have allowed a bad actor to essentially DoS the library with a strangely-constructed message.
>>
>> In other words, I'm not really swayed by the implementation simplification argument but I do think that very small or very large chunk size, in addition to *probably* being useless, pose a real threat in terms of abuse.
>>
>> So I think having a MUST for the range, maybe 16kiB to 256 kiB, or 16 kiB to 1024 kiB is a reasonable thing to do. And as long as we keep the size byte, we can always increase the upper limit of the range in the future if needed.
>
> My warning is against shooting someone else in the foot, or forcing them to use some other protocol.
>
> Thus, saying (e.g.) that the range MUST be between 1K and 16K is a bad idea; we even know now that 256K has in some cases an efficiency advantage. You can say, MUST support 1K to 16K, SHOULD support up to 256K and MAY support larger sizes. There can also be a couple of paragraphs to explain that there are good reasons neither to be very small nor very large.
>
> My concern is someone saying something like, “Gosh, I’d like to have OpenPGP AEAD encryption for S3 Objects, but I can’t ‘cause those go up to 5TB.” Anyone who’s going to use 5TB objects probably knows the headaches they inherit and yeah, you aren’t going to do that on a Cortex M0.
>
> Does this make sense?
>
> Jon
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
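
Added example, not part of the original message or of any implementation named in the thread: a receiver-side view of the two costs discussed above (bytes buffered before a chunk's tag can be checked, and per-chunk work for very small chunks), with the tiered MUST/SHOULD/MAY wording as a classifier. The encoding size = 2**(c + 6) and the 16-byte tag are assumptions taken from the RFC 4880bis AEAD draft, not from this thread; all function names are illustrative.

```python
# Added example: what a chunk-size octet costs a receiver.
# Assumptions (not stated in the thread): size = 2**(c + 6) as in the
# RFC 4880bis AEAD draft, and a 16-byte authentication tag per chunk.
KIB = 1024
TAG_LEN = 16

def chunk_size(c: int) -> int:
    """Chunk size in bytes encoded by the one-byte chunk-size octet c."""
    if not 0 <= c <= 255:
        raise ValueError("chunk-size octet must fit in one byte")
    return 1 << (c + 6)

def tier(c: int) -> str:
    """Support tier under the MUST 1K-16K / SHOULD to 256K / MAY larger wording."""
    size = chunk_size(c)
    if size < 1 * KIB:
        return "unspecified"      # the quoted proposal does not cover < 1K
    if size <= 16 * KIB:
        return "MUST"
    if size <= 256 * KIB:
        return "SHOULD"
    return "MAY"

def receiver_cost(c: int, message_len: int) -> dict:
    """Buffer needed before a chunk's tag can be checked, and per-chunk work."""
    size = chunk_size(c)
    chunks = max(1, -(-message_len // size))     # ceiling division
    return {
        "buffer_bytes": min(size, message_len),  # held until the tag verifies
        "chunks": chunks,                        # one tag check per chunk
        "tag_bytes": chunks * TAG_LEN,           # per-chunk tags only
    }

def accept(c: int, min_size: int, max_size: int) -> bool:
    """Local policy check, made on the header octet before allocating."""
    return min_size <= chunk_size(c) <= max_size

if __name__ == "__main__":
    # Constructed sample: a 64 MiB message at several chunk-size octets.
    for c in (0, 4, 8, 12, 20):
        print(c, chunk_size(c), tier(c), receiver_cost(c, 64 * KIB * KIB))
```
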