ietf-openpgp
[Top] [All Lists]

Re: [openpgp] AEAD Chunk Size

2019-03-27 10:50:59
Tobias Mueller <muelli(_at_)cryptobitch(_dot_)de> writes:

[snip]
Note that there is *a single output* rather than multiple and that it
doesn't allow for releasing partial plaintexts or authenticated
prefixes.
Do you see that any chunking protocol on top of that which is allowed
for releasing plaintext early is not immediately covered by this
definition?

In my mind, each chunk is its own AEAD ciphertext.  So the chunking is
happening *during* AEAD encryption, and not after encryption.  I.e., the
chunking and AEAD encryption should be tied together such that the chunk
header is part of the AEAD protection and the chunk data is the AEAD
encrypted data.

This approach does, IMHO, map directly into the RFC definition.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>