Re: [openpgp] AEAD Chunk Size

Jon Callas <joncallas@icloud.com> Thu, 28 March 2019 19:33 UTC

Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EABCD12032E for <openpgp@ietfa.amsl.com>; Thu, 28 Mar 2019 12:33:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Level:
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, KHOP_DYNAMIC=0.85, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTGskooPmFuo for <openpgp@ietfa.amsl.com>; Thu, 28 Mar 2019 12:33:42 -0700 (PDT)
Received: from mr85p00im-zteg06021901.me.com (mr85p00im-zteg06021901.me.com [17.58.23.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F111A120282 for <openpgp@ietf.org>; Thu, 28 Mar 2019 12:33:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=04042017; t=1553801621; bh=tdEZRuGlVe0kH1HfknFqp3a69PquUapQqfg+Db42Bq0=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=ar3bIEVGBNOOLbspuxVdcNKr9ou0Zk7y3Uh9wst5/8002LtiBM24iSkWT7gtJ8919 gEDIoFTscjhn0gu1SfljOM2ORKSBXOvrKOKJlXyqBFUw438+evFSH0G3/3hwPs2asL wnQx6KEVwhzeCFqwg/rgAzkguwNLpVovLEkYLwkVPl4UI9uOluPJKiPwslQqweG5Yd lpHqrSUv0py8v3HKxGuO7EIEyyY0fARiLIPKBrQWD1zIVPWJcqUynI8WzlOkQxYBHR Ki09vi1Ra3rIrwzWQIVq/ItjnC4CeolcyQQgLWKFBWoaUzIgGlGDlmaCgmYM8HNXlr 5tS5y1HKKbT+g==
Received: from [10.125.12.152] (67-207-120-150.static.wiline.com [67.207.120.150]) by mr85p00im-zteg06021901.me.com (Postfix) with ESMTPSA id 056747201AA; Thu, 28 Mar 2019 19:33:40 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <sjmva04mi47.fsf@securerf.ihtfp.org>
Date: Thu, 28 Mar 2019 12:33:39 -0700
Cc: Jon Callas <joncallas@icloud.com>, Tobias Mueller <muelli@cryptobitch.de>, Werner Koch <wk@gnupg.org>, "openpgp@ietf.org OpenPGP" <openpgp@ietf.org>, "Neal H. Walfield" <neal@walfield.org>, Vincent Breitmoser <look@my.amazin.horse>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BCB52929-85FA-4A80-AE23-A65E9EE49B93@icloud.com>
References: <87d0n174w6.fsf@wheatstone.g10code.de> <87mumh33nc.wl-neal@walfield.org> <3GFS71V7BTJNZ.29C5TO8OY0O44@my.amazin.horse> <sjmy35isypu.fsf@securerf.ihtfp.org> <87r2bax5u2.wl-neal@walfield.org> <sjmlg1hskdq.fsf@securerf.ihtfp.org> <87pnqtwot9.wl-neal@walfield.org> <0f7f492bf18145f96e70886ba19ba290.squirrel@mail2.ihtfp.org> <87lg1gwelf.wl-neal@walfield.org> <61e3fb9d194d0b47f21be8e176daa0b9b6c5d0a5.camel@cryptobitch.de> <87sgvkihd1.wl-neal@walfield.org> <241225ce914a1843b48dab304c760151fe05b764.camel@cryptobitch.de> <87imwfj3oq.wl-neal@walfield.org> <65e588255c689d329546c3908dac112896d029ca.camel@cryptobitch.de> <sjmva04mi47.fsf@securerf.ihtfp.org>
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.3445.102.3)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-28_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=773 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1812120000 definitions=main-1903280126
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/uSMIc3ofThOSo8UW-wUNvjDSKM0>
Subject: Re: [openpgp] AEAD Chunk Size
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 19:33:44 -0000


> On Mar 27, 2019, at 8:50 AM, Derek Atkins <derek@ihtfp.com> wrote:
> 
> In my mind, each chunk is its own AEAD ciphertext.  So the chunking is
> happening *during* AEAD encryption, and not after encryption.  I.e., the
> chunking and AEAD encryption should be tied together such that the chunk
> header is part of the AEAD protection and the chunk data is the AEAD
> encrypted data.
> 
> This approach does, IMHO, map directly into the RFC definition.

This is exactly what I presumed would be done — each chunk is an AEAD segment. I presumed that one would probably put a chunk number as Additional Data, and that the nonce context would carry over from one chunk to the next in some reasonable way.

That’s directly analogous to the present chunking mechanism, which uses CFB as a stream.

	Jon