Re: [openpgp] AEAD Chunk Size

Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> Fri, 29 March 2019 09:52 UTC

Return-Path: <marcus.brinkmann@ruhr-uni-bochum.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B624A1200FB for <openpgp@ietfa.amsl.com>; Fri, 29 Mar 2019 02:52:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ruhr-uni-bochum.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bpi87SVh59FI for <openpgp@ietfa.amsl.com>; Fri, 29 Mar 2019 02:52:52 -0700 (PDT)
Received: from out3.mail.ruhr-uni-bochum.de (out3.mail.ruhr-uni-bochum.de [134.147.53.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FEFD120074 for <openpgp@ietf.org>; Fri, 29 Mar 2019 02:52:52 -0700 (PDT)
Received: from mx3.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by out3.mail.ruhr-uni-bochum.de (Postfix mo-ext) with ESMTP id 44Vxqh0JRFz8SXX for <openpgp@ietf.org>; Fri, 29 Mar 2019 10:52:48 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ruhr-uni-bochum.de; s=mail-2017; t=1553853168; bh=zkClrZF4xYhzotee4PHrEBU8mYwtu97p8n52UjOxC6Y=; h=Subject:To:References:From:Date:In-Reply-To:From; b=SxwHHYB4xnmrYBjeHm9PzGw1p4Rvh7LcCNTdqGh4PLarNMG7nhLJXgPjs5Fe6u3rO R/QVD+pIlE7Onm4jAfWEn2Yep4iFOtJUYXk9tFoLo7x9yfoWb1zwQ80w/mUwelZ2BA UxibW1QcBLsxFBlMOi9iHW+QRxH5H5pxG+h0AILY=
Received: from out3.mail.ruhr-uni-bochum.de (localhost [127.0.0.1]) by mx3.mail.ruhr-uni-bochum.de (Postfix idis) with ESMTP id 44Vxqg57Lrz8SRP for <openpgp@ietf.org>; Fri, 29 Mar 2019 10:52:47 +0100 (CET)
X-Envelope-Sender: <marcus.brinkmann@ruhr-uni-bochum.de>
X-RUB-Notes: Internal origin=134.147.42.227
Received: from mail1.mail.ruhr-uni-bochum.de (mail1.mail.ruhr-uni-bochum.de [134.147.42.227]) by out3.mail.ruhr-uni-bochum.de (Postfix mi-int) with ESMTP id 44Vxqg3Ndpz8Scq for <openpgp@ietf.org>; Fri, 29 Mar 2019 10:52:47 +0100 (CET)
Received: from [192.168.142.139] (p5B0498DC.dip0.t-ipconnect.de [91.4.152.220]) by mail1.mail.ruhr-uni-bochum.de (Postfix) with ESMTPSA id 44Vxqg0g8Zzyty for <openpgp@ietf.org>; Fri, 29 Mar 2019 10:52:47 +0100 (CET)
To: openpgp@ietf.org
References: <87mumh33nc.wl-neal@walfield.org> <878swzp4fb.fsf@europa.jade-hamburg.de> <E65F6E9D-8B0B-466D-936B-E8852F26E1FF@icloud.com> <8736n63bav.wl-neal@walfield.org> <DD6BD098-A048-4513-BAAC-913BF52CDB1D@icloud.com>
From: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
Openpgp: preference=signencrypt
Message-ID: <fa9de3b0-7270-c6b0-6643-8692bc1a432e@ruhr-uni-bochum.de>
Date: Fri, 29 Mar 2019 10:52:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <DD6BD098-A048-4513-BAAC-913BF52CDB1D@icloud.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.4 at mail1.mail.ruhr-uni-bochum.de
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_IXaPMqYCcQfF0nClTswhQFZ-LY>
Subject: Re: [openpgp] AEAD Chunk Size
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2019 09:52:56 -0000

Hi,

Just to set the record straight: I made two very specific actionable
proposal on this very list 9 months ago.

* Limit the maximum chunk size to a small value:


https://mhonarc.domainunion.de/archive/html/ietf-openpgp/2018-06/msg00029.html

* Forbid outputting unauthenticated plaintext:


https://mhonarc.domainunion.de/archive/html/ietf-openpgp/2018-06/msg00030.html

Also, I think it is instructive to look at the history of the chunk size
and how we got here in the first place. This is the original proposed
text by Brian M. Carlson:

> An implementation MUST support chunk size octets with values from 0 to
10.  An implementation MAY support other chunk sizes.  Chunk size
octets with values larger than 127 are reserved for future extensions.

https://gitlab.com/bk2204/rfc4880bis/commit/353520abd5be34d9980a0f1ea77a07ba1837d03a

This is what the editor put into the draft standard without discussion:

> An implementation MUST support chunk size octets with values from 0 to
56.  Chunk size octets with other values are reserved for future
extensions.

https://mhonarc.domainunion.de/archive/html/ietf-openpgp/2017-07/msg00010.html

His reasoning was this: "Given that larger values are optional,
implementations will need limit C to 10.  I consider this too low for
practical purposes.  We should require all implementations to support
the same range. Given that we have a 64 bit counter the maximum value
for C should be 57 - I would even say 56 so that we avoid signed and
signed problems in the number of octets."

So, here is an actionable item: Go back to the original proposal by
Brian M. Carlson. It gives implementations a reasonable limit to stick
to, while it allows for larger chunks for special use cases.

Thanks,
Marcus