ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] AEAD encrypted data packet with EAX

2017-07-03 13:24:38
from [Werner Koch] [Permanent Link] 
On Mon,  3 Jul 2017 19:06, sandals(_at_)crustytoothpaste(_dot_)net said:


Yes, I tend to agree.  Did you feel the existing extensibility mechanism
in my proposal (cipher algo, AEAD algo, chunk size) was insufficient or
did you have something else in mind?


Frankly, I answered out of my memory without reading your proposal
again.  Let's see:

  * A one-octet chunk size.

This is general enough for all algorithms.

  * A starting initialization vector of size specified by the AEAD
    algorithm.  This value MUST be unique and it MUST be unpredictable.

This seems to be specific for the selected AEAD mode.  Thus I would prefer
to put this into an algorithm specific section.  For ease of
describing it might be easier to put the next two items also into such
an AEAD specific section.


I think my proposal actually implements that.  Since my chunk proposal
contains the chunk index (basically, an incrementing counter), as long
as we have the key, we can immediately tell if any chunk is corrupt


Right.  I would prefer to have this algorithm specific, though.
Your description says:

  The chunk size octet specifies the size of chunks using the following
  formula (in C), where c is the chunk size octet:

        chunk_size = ((uint64_t)1 << (c + 6))

  An implementation MUST support chunk size octets with values from 0
  to 10.  An implementation MAY support other chunk sizes.  Chunk size
  octets with values larger than 127 are reserved for future extensions.

Thus this allowed for chunks from 64 to 65536 octets.  Given that larger
values are optional, implementations will need limit C to 10.  I
consider this too low for practical purposes.  We should require all
implementations to support the same range.

Given that we have a 64 bit counter the maximum value for C should be 57
- I would even say 56 so that we avoid signed and signed problems in the
number of octets.


If we want something simpler in addition, we could reuse the CRC24 as
most implementations will require it for the ASCII armor format.


Better not.  That requires to run a second algorithm over the data.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgpCnoVvPyOFK.pgp
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] AEAD encrypted data packet with EAX, brian m. carlson
Next by Date:  Re: [openpgp] Expiration impending: <draft-ietf-openpgp-rfc4880bis-01.txt>, Heiko Stamer
Previous by Thread:  Re: [openpgp] AEAD encrypted data packet with EAX, brian m. carlson
Next by Thread:  Re: [openpgp] AEAD encrypted data packet with EAX, brian m. carlson
Indexes:  [Date] [Thread] [Top] [All Lists]