Re: [openpgp] AEAD Chunk Size

"Neal H. Walfield" <> Wed, 27 March 2019 20:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9D7B7120307 for <>; Wed, 27 Mar 2019 13:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ifxvOjCIBauQ for <>; Wed, 27 Mar 2019 13:11:15 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 30BA21202C1 for <>; Wed, 27 Mar 2019 13:11:15 -0700 (PDT)
Received: from ([] by with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <>) id 1h9EtE-0008ME-Rt; Wed, 27 Mar 2019 20:11:12 +0000
Date: Wed, 27 Mar 2019 21:11:12 +0100
Message-ID: <>
From: "Neal H. Walfield" <>
To: Derek Atkins <>
Cc:, Vincent Breitmoser <>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <>
Subject: Re: [openpgp] AEAD Chunk Size
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Mar 2019 20:11:18 -0000

Hi Derek,

On Wed, 20 Mar 2019 14:24:22 +0100,
Derek Atkins wrote:
> I still don't think we need a fixed chunk size.  Different use cases may
> dictate different ideas.  It's a tradeoff, of course.  The hope would be
> the receiver can signal to the sender what it should do.

I've spent some time thinking about use cases for different chunk
sizes, and I can't come up with any modulo some, IMHO, insignificant
performance tweaks.  Can you please give some examples of use cases
that would profit from different chunk sizes?

> I DO believe that recommended chunk sizes should be smaller than, say
> 4TB (let alone exabytes).  I am happy to have the range be anywhere from
> 1KB to 128MB (give or take), but I still don't think we should outright
> prohibit smaller or larger.  Considering the chunk size should be part
> of the protected data, I don't see how an attacker could modify it, only
> a sender that doesn't pay attention.

If I understand you correctly, you would support a SHOULD restriction
on the the range, but not a MUST restriction.

What should / would you recommend an implementation do if it
encounters a chunk that it can't buffer?  I see two choices: report an
error, or release unauthenticated plaintext.

Please don't misunderstand my questions: I sincerely am interested in
your answers to these questions.


:) Neal