Re: [openpgp] Need to publish bis-05

2018-07-24 06:57:59

Hi,

On Tue, 24 Jul 2018 09:33:21 +0200
Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:

    ** Limit the chunk size of AEAD packets:

      An implementation MUST support chunk size octets with values from 0 to 56. Chunk size octets with other values are reserved for future
    + extensions. Implementations SHOULD NOT create data with a chunk size
    + octet value larger than 21 (128 MiB chunks) to facilitate buffering of
    + not yet authenticated plaintext.

This does not seem to reflect the lessons to be learned from efail.

I think it is very important to hard-restrict the chunk size to a manageable size, also manageable for small devices (i.e. even 128 mb is far too much), so that authenticating before any output is produced is always feasible.

I.e. I propose to change it to a MUST NOT and to have a smaller maximum chunk size (I think something in the kilobyte range is a good choice).

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno(_at_)hboeck(_dot_)de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
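Review bot: the added "SHOULD NOT create data with a chunk size octet value larger than 21" constrains only the sender, while the unchanged first sentence still says an implementation MUST support chunk size octets from 0 to 56, so a receiver has no bound it is allowed to enforce. Suggest stating the largest octet a receiver is required to accept and permitting rejection above it, so that buffering a whole chunk before releasing plaintext is conforming behaviour. The stated purpose ("to facilitate buffering of not yet authenticated plaintext") also leaves open what an implementation that cannot buffer a larger chunk should do with one; the text should say so.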
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
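The receiver-side policy argued for in the message above, as an added sketch that is not part of the original post or of any OpenPGP implementation: the reader refuses a chunk size octet above its own limit and releases each chunk only after that chunk's tag verifies. Assumptions: chunk size is 2^(c+6) octets (consistent with the quoted 21 = 128 MiB), HMAC-SHA256 stands in for the AEAD tag with no encryption, and `MAX_CHUNK_OCTET`, `seal` and `open_stream` are hypothetical names.

```python
import hashlib
import hmac

TAG_LEN = 32          # HMAC-SHA256 tag, standing in for the AEAD tag (assumption)
MAX_CHUNK_OCTET = 8   # assumed receiver policy: 2**(8+6) = 16 KiB per chunk

def chunk_size(c):
    """Chunk size in octets for chunk size octet c (2**(c+6); 21 -> 128 MiB)."""
    return 1 << (c + 6)

def _tag(key, index, final, chunk):
    # Bind the chunk index and a last-chunk flag so reordering and
    # truncation at a chunk boundary both fail verification.
    header = index.to_bytes(8, "big") + bytes([final])
    return hmac.new(key, header + chunk, hashlib.sha256).digest()

def seal(key, c, data):
    """Constructed sender: one octet c, then chunk||tag for every chunk."""
    size = chunk_size(c)
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    out = bytearray([c])
    for i, chunk in enumerate(chunks):
        out += chunk + _tag(key, i, i == len(chunks) - 1, chunk)
    return bytes(out)

def open_stream(key, blob, max_octet=MAX_CHUNK_OCTET):
    """Yield plaintext one chunk at a time, each only after its tag verified."""
    if len(blob) < 1 + TAG_LEN:
        raise ValueError("truncated stream")
    if blob[0] > max_octet:
        # Refuse before touching any data: such a chunk cannot be buffered whole.
        raise ValueError("chunk size octet %d exceeds limit %d" % (blob[0], max_octet))
    body, step = blob[1:], chunk_size(blob[0]) + TAG_LEN
    for index, off in enumerate(range(0, len(body), step)):
        segment = body[off:off + step]   # the unit that must be buffered
        chunk, tag = segment[:-TAG_LEN], segment[-TAG_LEN:]
        final = off + step >= len(body)
        if not hmac.compare_digest(tag, _tag(key, index, final, chunk)):
            raise ValueError("chunk %d failed authentication" % index)
        yield chunk                      # released only after verification
```

With the limit at 8, the largest amount of unauthenticated data the reader ever holds is one 16 KiB chunk plus its tag.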