[openpgp] Re: session key length with SEIPDv2

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 10 October 2024 17:25 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 388A8C151066 for <openpgp@ietfa.amsl.com>; Thu, 10 Oct 2024 10:25:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="3Eyrp0Wd"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="dWBljCDu"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ygzspAQzzqYN for <openpgp@ietfa.amsl.com>; Thu, 10 Oct 2024 10:25:34 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5D39C151547 for <openpgp@ietf.org>; Thu, 10 Oct 2024 10:25:34 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1728581133; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=X2LbML8+aXrZ2FuhxzPPbNGQr8oDXv8xr5YE1eKU8X4=; b=3Eyrp0Wd6zoNrgL3HnVnkwnh4txGDGBrCGcetYT/DrQ4d99t5C0IO3t7OoE1mg5tbrx/y ppodnxwthZYMwyZCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1728581133; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=X2LbML8+aXrZ2FuhxzPPbNGQr8oDXv8xr5YE1eKU8X4=; b=dWBljCDupqnw+qZwS69oMRvphCid0IrrVzISGDgBgPrlzM0biVy5LQpYgA8KUAbK9I6Hc P/RID5B31QCR9gJpn8jfRIHTSBw+Hfh6eHCt82/emyYoLBaCLRID/xkS9/4WiWUXGyUbjeU 3iUINBSUWZ1eRH7T2S0+Z4gxuA/PXhn2+s7RzWW8RgUeoYQHWy+RIrKI0AFRddqhlUGqn9h w4uwNtVWJe08/zx+UJ+ypeuCxSNxWnehG/cZFn57nQ4FHupheFzTMNdGFVVXKjM97HrHPhl ySGAMJTy4tyo+f8Gy3lGMQke2zQLec8MqqxgwJtb5yZz0o4kQT3s4uFgUMcQ==
Received: from fifthhorseman.net (AMERICAN-CI.ear2.NewYork6.Level3.net [4.59.214.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 03CBFF9B2 for <openpgp@ietf.org>; Thu, 10 Oct 2024 13:25:32 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 8CE8213F67F; Thu, 10 Oct 2024 13:16:05 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
In-Reply-To: <c575947e-f66c-47f4-9e4b-68ca326e5898@mtg.de>
References: <93b25cce-e9f7-40a7-881f-b81e3033e7b7@posteo.de> <HvPoeoRKHGaIbIcV2cwKvnY8uVH6UqJ2PUAlBu1AFmyr6plq6RNUGqQNKZE9RllDHSdDsmuPmTJeP-BX93cALBiNITsIg40HMFPPcy3Z_dQ=@protonmail.com> <87o73z7pwy.fsf@fifthhorseman.net> <WbuzsNz4I_wBvXGTTrh2mD0r5aAKVye2mZynPySokMkx3djh8a8Ad9GPbbFrAcc74REmwNmrH4trBmjJREDtfpVCdKOsI_PPz34hf2idEuM=@protonmail.com> <87ldyy7lwy.fsf@fifthhorseman.net> <cd727941-b547-4ef2-9e3c-609e93e1f3ab@mtg.de> <87ed4p76fe.fsf@fifthhorseman.net> <c575947e-f66c-47f4-9e4b-68ca326e5898@mtg.de>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Thu, 10 Oct 2024 13:16:05 -0400
Message-ID: <878quv7uay.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Message-ID-Hash: 5BBMPPJPZJRCFB3DKBM7TIOZSTNR37OX
X-Message-ID-Hash: 5BBMPPJPZJRCFB3DKBM7TIOZSTNR37OX
X-MailFrom: dkg@fifthhorseman.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [openpgp] Re: session key length with SEIPDv2
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/yTLh7KKTDlzpCjxBo8oh1ueQy0E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On Wed 2024-10-09 17:24:57 +0200, Falko Strenzke wrote:
> I think we agree already on the MUST for the producer. The question
> that remains is whether there should be an equivalent MUST for the
> consumer. I think the main question is how well readers of RFC 9580
> will be aware of the errata. I have no experience with that, but my
> guess would be that it might not have the same reach as RFC 9580. That
> is what my concerns about a strict rule for the consumer are based on.
> How do you see this?

The text that i proposed does not put a MUST on the consumer.  For the
record, i proposed:

    When producing a message using SEIPD v2 with corresponding PKESKs
    or SKESKs, The length of the session key MUST equal the key size of
    the symmetric algorithm used in the encryption container.

    When handling a message that uses SEIPD v2, if the session key size
    does not equal the key size of the symmetric algorithm used in the
    encryption container, the consuming implementation SHOULD warn that
    the message is malformed, and MAY decline to decrypt the message.

Regards,

        --dkg