‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, February 28, 2019 12:42 AM, Neal H. Walfield
<neal(_at_)walfield(_dot_)org> wrote:
On Wed, 27 Feb 2019 22:34:09 +0100,
Bart Butler wrote:
So ideally we’d prefer to keep the size byte, but to shrink its
range in both directions. For example, the RFC could state that the
chunk SHOULD be 16 kiB (or 256 kiB, hint hint), but decryption MUST
be available for `c` values between 8-12 inclusive. This would also
allow us to be backwards-compatible with messages that have already
been created following the current version of the draft, which do
exist given the benefit that AEAD provides and that OpenPGP.js has
supported the current draft in experimental mode for most of the
last year.
Could you please comment on the approximate number of messages that
have been sent with AEAD? Is protonmail doing AEAD exclusively these
days?
I can't because I do not know--it's an experimental feature in OpenPGP.js. I do
know that some users of the library are using it internally in closed systems,
and we'd prefer not to break decryption for their existing messages but also
prefer not to keep supporting an obsolete draft. You could argue that they
shouldn't have used an experimental feature for production but given how
overdue AEAD is for PGP I find it difficult to blame them myself.
ProtonMail doesn't use V5 keys yet at all, as we exist within the federated
email ecosystem and it would break compatibility. So this is not coming from us
personally, just on behalf of the OpenPGP.js community in general.
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp