Re: [openpgp] Backwards compatibility vs streaming verification of v6 clearsigned messages
Vincent Breitmoser <look@my.amazin.horse> Wed, 24 May 2023 13:40 UTC
Return-Path: <look@my.amazin.horse>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 974FAC13AE35 for <openpgp@ietfa.amsl.com>; Wed, 24 May 2023 06:40:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=my.amazin.horse
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gZHoWWsamfM for <openpgp@ietfa.amsl.com>; Wed, 24 May 2023 06:40:14 -0700 (PDT)
Received: from my.amazin.horse (my.amazin.horse [IPv6:2a03:4000:3f:29c::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0747C13AE40 for <openpgp@ietf.org>; Wed, 24 May 2023 06:40:14 -0700 (PDT)
Received: from [172.27.30.198] (unknown [87.130.56.210]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by my.amazin.horse (Postfix) with ESMTPSA id E1C2467318 for <openpgp@ietf.org>; Wed, 24 May 2023 15:40:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=my.amazin.horse; s=2020; t=1684935611; bh=Hm+cC94DN6KFlm9kmcNFVFxs+TK275Rh3coUZNbhX1E=; h=Date:To:References:From:Subject:In-Reply-To; b=Y9+XlpQR7zirkD4Ym0+0VX69PocCFJDdgbf8Qe0fN3J5yCMDVLrkGXa2VeDl75mf7 V9YLIdiIEvD5HCz7OAcPHB0cS0LWwcog79yOsx6y/5D6sRSucsgTKt/RodAiGjTWLL +Y317dapuE5HD1U125C9H5b5HTwiqf+cgvFvtKI8=
Message-ID: <7c9f97df-f06b-6f87-3776-8f351289cb31@my.amazin.horse>
Date: Wed, 24 May 2023 15:40:11 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
To: openpgp@ietf.org
References: <LaSdaOASqnixctT3XuZHNIeldK2IPqJvHbqo_qkFjdrMBOQ4SKhiWl_76xq2P6l2Wts9rJ6MTTRLfpj9sqyG4_F4etjNcgEt6pmmtuyfsBY=@protonmail.com> <87h6s2hezc.fsf@fifthhorseman.net>
Content-Language: en-US
From: Vincent Breitmoser <look@my.amazin.horse>
In-Reply-To: <87h6s2hezc.fsf@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vjBoQVRE-PFgmsqwMBTSdc2bDkA>
Subject: Re: [openpgp] Backwards compatibility vs streaming verification of v6 clearsigned messages
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2023 13:40:18 -0000
Hey list, > Does anyone want to propose a fifth option that the WG should consider? > Anyone want to voice a preference for any of the above four options? I got one: # Drop CSF headers altogether CSF headers are pointless to the user at best, confusing or misleading at worst. They are easily mangled along transports in ways that break the signed message. We are also now in a situation where implementations say "there must be exactly this one header, or we won't process the message altogether". That's three bits of being problematic, so we better have a justification for having it in the first place: That justification is efficient processing. Similar to one-pass signatures, we can hash the message right away and therefore verify the signature in a single pass. While that is for sure a nice technical property to have, I find it questionable that CSF signed messages need any kind of "efficient" processing by today's computing standards - they are meant to be easy for humans to inspect and pass around, so will typically be a few kilobytes in size or maybe a megabyte at most. It will routinely be loaded into RAM in its entirety to display to users. Getting rid of the whole header discussion altogether, at the expense of less efficient processing, sounds like a good deal to me. Maybe slap on a notice that implementations should warn the user not to use it for 500kb+ messages or so. That said, I'm not sure whether such a change is in scope for a crypto-refresh. But I thought I'd put it on the table, if just for completeness' sake. Cheers - V
- [openpgp] Backwards compatibility vs streaming ve… Daniel Huigens
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Kahn Gillmor
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Huigens
- Re: [openpgp] Backwards compatibility vs streamin… Justus Winter
- Re: [openpgp] Backwards compatibility vs streamin… Andrew Gallagher
- Re: [openpgp] Backwards compatibility vs streamin… Andrew Gallagher
- Re: [openpgp] Backwards compatibility vs streamin… Vincent Breitmoser
- Re: [openpgp] Backwards compatibility vs streamin… Andrew Gallagher
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Kahn Gillmor
- Re: [openpgp] Backwards compatibility vs streamin… Andrew Gallagher
- Re: [openpgp] Backwards compatibility vs streamin… Paul Wouters
- Re: [openpgp] Backwards compatibility vs streamin… iang
- Re: [openpgp] Backwards compatibility vs streamin… vedaal
- Re: [openpgp] Backwards compatibility vs streamin… Justus Winter
- Re: [openpgp] Backwards compatibility vs streamin… Vincent Breitmoser
- Re: [openpgp] Backwards compatibility vs streamin… Paul Wouters
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Huigens
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Kahn Gillmor
- Re: [openpgp] Backwards compatibility vs streamin… Daniel Kahn Gillmor