IETF Logo Mail Archive

Re: [openpgp] The combinatorial complexity of OpenPGPv4

David Gil <dgil@yahoo-inc.com> Sat, 14 March 2015 03:57 UTC

Return-Path: <dgil@yahoo-inc.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDFCE1A89FB for <openpgp@ietfa.amsl.com>; Fri, 13 Mar 2015 20:57:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.001
X-Spam-Level:
X-Spam-Status: No, score=-17.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_WHITELIST=-15] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLHQFBXd0jhJ for <openpgp@ietfa.amsl.com>; Fri, 13 Mar 2015 20:57:33 -0700 (PDT)
Received: from mrout5.yahoo.com (mrout5.yahoo.com [216.145.54.154]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 347491A88F8 for <openpgp@ietf.org>; Fri, 13 Mar 2015 20:57:33 -0700 (PDT)
Received: from omp1016.mail.ne1.yahoo.com (omp1016.mail.ne1.yahoo.com [98.138.89.160]) by mrout5.yahoo.com (8.14.9/8.14.9/y.out) with ESMTP id t2E3vJLO071898 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <openpgp@ietf.org>; Fri, 13 Mar 2015 20:57:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yahoo-inc.com; s=cobra; t=1426305440; bh=W6B3Pqn8RZtJfIjZK1ulYJSgZqhqgJKcKwr1+8COzpg=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject; b=QBimWtoEP0KJBT8OgQs4ANNpIGjvKTOqcbChno7Ij31L0Z/ST/n0F3/PtnyO24aLR G8UMtn3x5DP3QLmQU3j5vIkHLGJLLkxPinh0VB9c2qwUR04HUNTi7zsUgVrY5s+zg8 gOx7hF3ofk/G/Vl+7iPaXT36Dq9qqhFMfViku1hc=
Received: (qmail 61051 invoked by uid 1000); 14 Mar 2015 03:57:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1426305439; bh=TvA/gsyNiqje0F7o6iMGUo63NL/TCw3/9x69nXa4ABM=; h=Date:From:Reply-To:To:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; b=FLHrB1juPkBw1FCU0vaWyZAyIMeyiiQabzMWtdkmDxr81CMQucDLiVIbOBOwcftvQ4XRS88AK/dwdJX/nm8nQUpMUM03HjyW6doCpWz3cI/kNGg32T5KfyTIYnuD9PzD9T3AqK7ILM7dLbZsuuex1w2LyN0r/dH7xrgKLmLxYHw=
X-YMail-OSG: o3UMNowVM1mShPxxYhImC_zNWtd3vL.RKhxUp7bRdSHs8u26CfG.INIS8Uksp8S 7z5AWOwPSWWq0uVDg1AOdWd2zI9hRuGxYBY7UxTmP3dyBbIp4tn93q2gH8653StV6oFzjH4OGUxX wi7TyPzlkdBawVnsz70896Iuu_bHDWPOUeudKqt47uvlvLHyPPs2u_XVIF9XhP2CgqdSvlfH3g.a ANr8KUAQW3EZbyZscB5EPFvUQsV6_hE5kjkb76n8WSX0CV9U-
Received: by 98.138.105.193; Sat, 14 Mar 2015 03:57:18 +0000
Date: Sat, 14 Mar 2015 03:57:17 +0000
From: David Gil <dgil@yahoo-inc.com>
To: Falcon Darkstar Momot <falcon@iridiumlinux.org>, "openpgp@ietf.org" <openpgp@ietf.org>, David Gil <coruus@gmail.com>
Message-ID: <1160541985.95679.1426305437936.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <55038CBE.7070608@iridiumlinux.org>
References: <55038CBE.7070608@iridiumlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Milter-Version: master.31+4-gbc07cd5+
X-CLX-ID: 305439001
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/jxIMoBVPTT7wwuLpebP_LKuKRIE>
Subject: Re: [openpgp] The combinatorial complexity of OpenPGPv4
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: David Gil <dgil@yahoo-inc.com>
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Mar 2015 03:57:35 -0000

On Friday, March 13, 2015 6:20 PM, Falcon Darkstar Momot <falcon@iridiumlinux.org> wrote:

> I feel like perhaps this type of exhaustive testing is neither necessary
> nor expected, and that a few end-to-end tests designed to exercise edge
> cases could be combined with more exhaustive unit tests to achieve
> reasonable results. 


The difficulty, as always, is proving that an actual implementation is modular. In the case of OpenPGP, it really isn't: A lot of data has to get carried between each stage to ensure conformance with the high-level semantics.


In contrast, suppose that I wanted to exhaustively test the different ways of doing authenticated encryption with TweetNaCl. That's exactly 1 test, which I can then test for 2^32 different parameter values or so quite easily.

That type of exhaustive testing is routinely (though not routinely enough) done, and it is expected for critical software.

> Protocol modularity is not evil.

Modularity is neutral. "Agility", as folks like to call it, is evil.

The name-sake article of Google and Yahoo's End-to-End project has some good arguments for avoiding redundancy in systems design: 


http://web.mit.edu/saltzer/www/publications/endtoend/endtoend.pdf

(I'd note that I think the article argues for its position a bit too strongly. It's clear that transport-layer and message-level encryption are both necessary, for example, because they have fundamentally different semantics.)

v2.23.0 | Report a Bug | By Email