Hi,
On Fri, April 12, 2019 9:46 am, Neal H. Walfield wrote:
On Fri, 12 Apr 2019 15:36:58 +0200,
Derek Atkins wrote:
Marcus Brinkmann
<marcus.brinkmann=40ruhr-uni-bochum(_dot_)de(_at_)dmarc(_dot_)ietf(_dot_)org>
writes:
[snip]
In my mind, this sounds like the implementation is broken. If it
releases AEAD plaintext before the end of the AEAD chunk then it is
non-conforming and should be considered broken.
I fully agree with you.
Given this position, it seems to me that all implementations will
necessarily fail on very large chunks (e.g., 4 exabytes). So, why
even allow them [1]? It seems to me that these permissible options
just create a temptation to create broken implementations.
Not necessarily; it could buffer to disk (just like PGP2 did, and even
PGP3/5 in certain circumstances). In my mind, buffering to disk is not
the same as releasing the plaintext. So it COULD still be conformant,
even with 4 exabytes.
Thanks,
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp