Re: [openpgp] AEAD Chunk Size

"Neal H. Walfield" <neal@walfield.org> Wed, 27 March 2019 20:11 UTC

Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D7B7120307 for <openpgp@ietfa.amsl.com>; Wed, 27 Mar 2019 13:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ifxvOjCIBauQ for <openpgp@ietfa.amsl.com>; Wed, 27 Mar 2019 13:11:15 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30BA21202C1 for <openpgp@ietf.org>; Wed, 27 Mar 2019 13:11:15 -0700 (PDT)
Received: from p57b22663.dip0.t-ipconnect.de ([87.178.38.99] helo=grit.huenfield.org.walfield.org) by mail.dasr.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from <neal@walfield.org>) id 1h9EtE-0008ME-Rt; Wed, 27 Mar 2019 20:11:12 +0000
Date: Wed, 27 Mar 2019 21:11:12 +0100
Message-ID: <87imw4gjrz.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: openpgp@ietf.org, Vincent Breitmoser <look@my.amazin.horse>
In-Reply-To: <sjm4l7xr855.fsf@securerf.ihtfp.org>
References: <87d0n174w6.fsf@wheatstone.g10code.de> <87mumh33nc.wl-neal@walfield.org> <3GFS71V7BTJNZ.29C5TO8OY0O44@my.amazin.horse> <sjmy35isypu.fsf@securerf.ihtfp.org> <87r2bax5u2.wl-neal@walfield.org> <sjmlg1hskdq.fsf@securerf.ihtfp.org> <87pnqtwot9.wl-neal@walfield.org> <87y35hy2i0.fsf@wheatstone.g10code.de> <87k1h0we7w.wl-neal@walfield.org> <87va0g65ht.fsf@wheatstone.g10code.de> <87va0gioae.wl-neal@walfield.org> <431ea8fdaca6b3d20e19cfe2a14f6c96.squirrel@mail2.ihtfp.org> <87mulsi7ms.wl-neal@walfield.org> <sjmpnqmrg1b.fsf@securerf.ihtfp.org> <87lg1a3fcl.wl-neal@walfield.org> <sjm4l7xr855.fsf@securerf.ihtfp.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/m9hd4FwdvIUWKt1MWQfzBq3JahY>
Subject: Re: [openpgp] AEAD Chunk Size
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 20:11:18 -0000

Hi Derek,

On Wed, 20 Mar 2019 14:24:22 +0100,
Derek Atkins wrote:
> I still don't think we need a fixed chunk size.  Different use cases may
> dictate different ideas.  It's a tradeoff, of course.  The hope would be
> the receiver can signal to the sender what it should do.

I've spent some time thinking about use cases for different chunk
sizes, and I can't come up with any modulo some, IMHO, insignificant
performance tweaks.  Can you please give some examples of use cases
that would profit from different chunk sizes?

> I DO believe that recommended chunk sizes should be smaller than, say
> 4TB (let alone exabytes).  I am happy to have the range be anywhere from
> 1KB to 128MB (give or take), but I still don't think we should outright
> prohibit smaller or larger.  Considering the chunk size should be part
> of the protected data, I don't see how an attacker could modify it, only
> a sender that doesn't pay attention.

If I understand you correctly, you would support a SHOULD restriction
on the the range, but not a MUST restriction.

What should / would you recommend an implementation do if it
encounters a chunk that it can't buffer?  I see two choices: report an
error, or release unauthenticated plaintext.



Please don't misunderstand my questions: I sincerely am interested in
your answers to these questions.

Thanks!

:) Neal