And thanks Neal for the suggestion!
_____________________________________
Ronald Tse
Ribose Inc.
On Feb 28, 2019, at 8:03 AM, Jon Callas
<joncallas=40icloud(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org> wrote:
On Feb 27, 2019, at 3:00 PM, Bart Butler
<bartbutler(_at_)protonmail(_dot_)com> wrote:
Hi Jon,
Do I understand correctly that you oppose shrinking the allowable range with
MUST at all too? I think the argument for this is fairly convincing from a
usage perspective to ensure that someone decrypting a large message is not
obligated to download a huge amount of data before finding out that it is
corrupted or otherwise has been tampered with. Likewise, we had to address
unanticipated performance issues in OpenPGP.js with very small chunks which
could have allowed a bad actor to essentially DoS the library with a
strangely-constructed message.
In other words, I'm not really swayed by the implementation simplification
argument, but I do think that very small or very large chunk sizes, in
addition to *probably* being useless, pose a real threat in terms of abuse.
So I think having a MUST for the range, maybe 16kiB to 256 kiB, or 16 kiB to
1024 kiB is a reasonable thing to do. And as long as we keep the size byte,
we can always increase the upper limit of the range in the future if needed.
My warning is against shooting someone else in the foot, or forcing them to
use some other protocol.
Thus, saying (e.g.) that the range MUST be between 1K and 16K is a bad idea;
we even know now that 256K has in some cases an efficiency advantage. You can
say, MUST support 1K to 16K, SHOULD support up to 256K and MAY support larger
sizes. There can also be a couple of paragraphs to explain that there are
good reasons neither to be very small nor very large.
My concern is someone saying something like, “Gosh, I’d like to have OpenPGP
AEAD encryption for S3 Objects, but I can’t ‘cause those go up to 5TB.”
Anyone who’s going to use 5TB objects probably knows the headaches they
inherit and yeah, you aren’t going to do that on a Cortex M0.
Does this make sense?
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
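An added example (not part of the thread) that puts numbers on the two objections above: the bytes a recipient must fetch before a tampered chunk fails its tag (large chunks) and the number of tag checks a message forces (small chunks). It assumes the tier boundaries Jon sketches (MUST 1K to 16K, SHOULD up to 256K, MAY larger), the rfc4880bis AEAD packet's chunk-size encoding 2**(c+6), and a 16-byte tag.

```python
# Added example, not from the mailing-list thread. Models a chunk-size policy
# for the OpenPGP AEAD packet and the cost of a given chunk size for both the
# recipient (bytes before a bad chunk is detected) and the decryptor (tag
# checks per message). Tier bounds and the octet cap are assumptions.
import math

KIB = 1024
MUST_MIN, MUST_MAX = 1 * KIB, 16 * KIB      # assumed: every implementation handles these
SHOULD_MAX = 256 * KIB                      # assumed: recommended upper bound
TAG_LEN = 16                                # EAX/OCB authentication tag, bytes
MAX_OCTET = 56                              # assumed cap on the chunk-size octet


def chunk_size_from_octet(c: int) -> int:
    """Chunk size in bytes for chunk-size octet c (rfc4880bis: 2**(c+6))."""
    if not 0 <= c <= MAX_OCTET:
        raise ValueError("chunk size octet out of range")
    return 1 << (c + 6)


def classify(chunk_size: int) -> str:
    """Map a chunk size onto the MUST / SHOULD / MAY tiers (assumed bounds)."""
    if chunk_size < MUST_MIN:
        return "reject"      # below the floor: per-chunk overhead dominates (DoS risk)
    if chunk_size <= MUST_MAX:
        return "must"
    if chunk_size <= SHOULD_MAX:
        return "should"
    return "may"             # legal, but the recipient buffers a lot per chunk


def cost_profile(message_len: int, chunk_size: int) -> dict:
    """Numbers behind the thread's objections for one message/chunk pairing."""
    n_chunks = max(1, math.ceil(message_len / chunk_size))
    return {
        "chunks": n_chunks,                          # one AEAD tag check per chunk
        "tag_overhead": n_chunks * TAG_LEN,          # ciphertext expansion, bytes
        # worst case: the first chunk is the corrupted one, so a whole chunk is
        # downloaded before its tag fails (the final whole-message tag is ignored)
        "bytes_before_detect": min(message_len, chunk_size),
    }


if __name__ == "__main__":
    five_tb = 5 * KIB ** 4                          # constructed: Jon's 5 TB S3 object
    for c in (0, 4, 10, 14):
        size = chunk_size_from_octet(c)
        print(c, size, classify(size), cost_profile(five_tb, size))
```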