ietf-openpgp

Re: [openpgp] Need to publish bis-05

2018-07-27 15:42:42
On Fri, Jul 27, 2018 at 08:37:02PM +0000, brian m. carlson wrote:
> On Fri, Jul 27, 2018 at 03:20:32PM -0500, Benjamin Kaduk wrote:
>> On Fri, Jul 27, 2018 at 08:00:33PM +0000, brian m. carlson wrote:
>>>
>>> I agree that we should lower this.  I happen to think the overhead
>>> involved in 64 KiB chunks isn't that significant, but if that's a
>>> concern, we could raise it to 1 MiB.  I'd like to point out, though,
>>> that I suggested a smaller chunk size because that's what TLS has
>>> traditionally done: most TLS implementations don't allow the full 16 MiB
>>> chunk size for DoS reasons.
>>
>> Can you expound on this more?  It does not match my understanding of the
>> TLS ecosystem.  (Also, isn't it 16K?)
>
> Ah, I believe I was misremembering.  The chunk size for encryption is
> indeed 2^14 bytes; I think I was remembering the handshake messages,
> which are 2^24 bytes.  OpenSSL at least does limit the size of the
> handshake messages, although, as you pointed out, not encrypted
> messages.

Thanks for clarifying (and looking it up!).

> Regardless, my (mistaken) impression was the reason for the original
> decision.  I think we should pick values that are safe for all
> reasonable implementations, including smaller ones, and where possible,
> be willing to see what other protocol specifiers have done and learn
> from their wisdom and mistakes.

FWIW, I agree that we should have values safe for all reasonable
implementations.

-Ben


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp