[Top] [All Lists]

Re: [openpgp] AEAD Chunk Size

2019-02-28 13:45:11
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, February 28, 2019 12:42 AM, Neal H. Walfield 
<neal(_at_)walfield(_dot_)org> wrote:

On Wed, 27 Feb 2019 22:34:09 +0100,
Bart Butler wrote:

So ideally we’d prefer to keep the size byte, but to shrink its
range in both directions. For example, the RFC could state that the
chunk SHOULD be 16 kiB (or 256 kiB, hint hint), but decryption MUST
be available for `c` values between 8-12 inclusive. This would also
allow us to be backwards-compatible with messages that have already
been created following the current version of the draft, which do
exist given the benefit that AEAD provides and that OpenPGP.js has
supported the current draft in experimental mode for most of the
last year.

Could you please comment on the approximate number of messages that
have been sent with AEAD? Is protonmail doing AEAD exclusively these

I can't because I do not know--it's an experimental feature in OpenPGP.js. I do 
know that some users of the library are using it internally in closed systems, 
and we'd prefer not to break decryption for their existing messages but also 
prefer not to keep supporting an obsolete draft. You could argue that they 
shouldn't have used an experimental feature for production but given how 
overdue AEAD is for PGP I find it difficult to blame them myself.

ProtonMail doesn't use V5 keys yet at all, as we exist within the federated 
email ecosystem and it would break compatibility. So this is not coming from us 
personally, just on behalf of the OpenPGP.js community in general.

Attachment: signature.asc
Description: OpenPGP digital signature

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>