I forgot to address this in the last message: On Fri, 10 Jun 2016, Marcus Watts wrote: > 2. > session handshake & message exchange > w/ confounder >= block_size, cbc-cts -- there's no need to send pad bytes. > [ cts, ciphertext stealing, is a simple modification of cbc to > not send some bytes which turn out to to be unnecessary; does > not hurt security, see > https://en.wikipedia.org/wiki/Ciphertext_stealing ] If we knew that we would always know when the end of a payload was coming before we got to that last encryption block, we could skip the padding, but it would be complex and fragile. The key requirement is that we want to be able to flush data over the wire and have the other end process it at any message boundary. And the receiver would need to know that it should do it's ciphertext stealing thing when it has only read a fraction of that last block off the wire. IMO just specifying the block_size as an auth method attributes simplifies everything: we don't have to write code to do the ciphertext stealing, and we can more or less blindly read data off the wire in chunks that we know can be decrypted. It costs a few extra bytes, per frame, but I think the performance and simplicity win is more than worth it. sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
