Re: [openpgp] AEAD Chunk Size

Benjamin Kaduk <kaduk@mit.edu> Sun, 28 April 2019 03:32 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8080A1200B1 for <openpgp@ietfa.amsl.com>; Sat, 27 Apr 2019 20:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8r-9aaHUjhWc for <openpgp@ietfa.amsl.com>; Sat, 27 Apr 2019 20:32:12 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAD1F120048 for <openpgp@ietf.org>; Sat, 27 Apr 2019 20:32:11 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3S3W7aj019634 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <openpgp@ietf.org>; Sat, 27 Apr 2019 23:32:09 -0400
Date: Sat, 27 Apr 2019 22:32:07 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <20190428033206.GA60332@kduck.mit.edu>
References: <E65F6E9D-8B0B-466D-936B-E8852F26E1FF@icloud.com> <87d0m9hl62.wl-neal@walfield.org> <FEE9711C-3C64-493C-8125-89696B882E0A@icloud.com> <2di2bK8m-7HtDeoUEH9oPqs-bL-IKSE0CjkgFShPMLOlUyeDBVkVGApdjnIpS6YRAeKU3ibGCZCtwLden-N6zK5W4fqIghRGDa5dU720nEs=@protonmail.com> <73739F8A-5E9F-4277-B053-FDD2E8D81B17@icloud.com> <cc75QwJwTIffqLK7fzZ3A2Pw1Vb3_lkhSHfYRPyASZcxceG2c0Cpbld529WsXosP7X9x4agikpGD4dVTXK8iaRkblS9Jokv1tD2TceQBbyE=@protonmail.com> <18FF6D9C-B285-406E-A344-E6362646DE68@icloud.com> <YMBMgZGGCSQb4Bnp9xRFkBfOn-I97FrycqHK4NvuHUkgtmL6_UaumtHJwJc-4nbmACSHrA4CWqEeLMDUuoVFMq0Vc6M0fwO8G40Mq1heEgI=@protonmail.com> <uIkPmRBGfmyVi5QPuVeXkm02_Y_zfPUWPWCsZtDHyjFaFbNOY8mJyUK42pm80AJ-_-jf-ut1xPK_SMkjGDgrL4cT4BcAbeaBQvSYhqFoD7U=@protonmail.com> <875zr5ywd7.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <875zr5ywd7.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/wc-AVuIMwazy8rcNJ7y9dzqo85c>
Subject: Re: [openpgp] AEAD Chunk Size
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Apr 2019 03:32:13 -0000

Hi Werner,

On Tue, Apr 23, 2019 at 10:11:16AM +0200, Werner Koch wrote:
> On Thu, 18 Apr 2019 17:28, bartbutler=40protonmail.com@dmarc.ietf.org
> said:
> 
> > hope Werner likes this because GnuPG is already doing 8KiB chunks, so
> 
> I am not sure about the context.  Are you talking about the partial
> length encoding or about the AEAD chunk size, a modification of AEAD to
> allow detection of transmission errors before the end of the data?
> 
> GnuPG 2.3 creates AEAD chunks not larger than 128 MiB.  This can be
> changed with an option down to 64 bytes.  However such a values is only
> useful for regression testing as it slows down the performance.  I may
> consider to change the default to 1 MiB but not lower.
> 
> Let me repeat that the whole discussion on the size of the AEAD chunks
> is mostly off topic because the chunks are _only_ here to allow

I'm willing to believe that the reason you state is why it was originally
added.  But the volume of discussion we've had already makes me pretty
skeptical that it remains the only reason people might want to have AEAD
chunks, so your argument would be much stronger if you made some reference
to the technical subjects that have been raised and why you believe they
are not relevant.

Thanks,

Ben

> detection of transmission errors before Gigabytes of data have been
> processes.  This was the reason why I suggested to Brian the addition of
> a chunking mode for AEAD.
> 
> Whether the received data is authentic can only be asserted by checking
> the signature and that can obviously only be done after all AEAD chunks
> have been decrypted.
> 
> Those implementations wanting to show a preview can do so regardless of
> any AEAD validation etc.  They should just make clear to the user that
> this is an unauthenticated and possible corrupted preview of the data.
> 
> For all other purposes I propose to use a different protocol on top of
> OpenPGP a (e.g MIME) and not to overload OpenPGP with unneeded stuff.
> Or well, start from scratch and use a different name for it.
> 
> 
> Salam-Shalom,
> 
>    Werner
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp