On Apr 2, 2019, at 6:12 AM, Conrado P. L. Gouvêa
<conradoplg(_at_)gmail(_dot_)com> wrote:
On Sat, Mar 30, 2019 at 11:59 PM Peter Gutmann
<pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:
I'm not saying remove it, just get some data to support making a decision in
some way. In particular, AEAD is a good thing, but there's no evidence that
chunking with AEAD, which complicates things greatly, is useful or necessary.
I know you're tired of hearing about it... but EFail.
Even if PGP used AEAD, but without chunks, EFail would probably still
happen. If the AEAD data is arbitrarly large, then implementations
would be forced to provide a streaming API that discloses
unauthenticated plaintext, and the same thing would happen.
No, no, it’s okay, because this why I was saying, “Let’s not talk about Efail.”
The AEAD discussion is good, and there are many reasons to upgrade to allow its
use. If one of those reasons is complex, then having that be the major reason
means that there’s a counter-argument that is essentially, “if this isn’t the
silver bullet claimed, then maybe we shouldn’t do it,” and worse, it’s a
completely reasonable counter-argument.
There’s one more small issue around AEAD that I’ll bring up in another note.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp