age-plugin: Add labels extension to recipient-v1
#37
Conversation
| - The `x25519` recipient stanza has an implicit empty label set. | ||
| - The `scrypt` recipient stanza has an implicit label set containing a single | ||
| random label. |
There was a problem hiding this comment.
In str4d/rage#365 (comment) I noted that we also need to decide on how file header grease (currently unspecified) interacts with the label set, because what it results in is extra stanzas.
The simplest approach, and the one compatible with the behaviour of pre-labels clients, is that grease has an implicit empty label set. This lets it be added alongside x25519 and any pre-labels plugins, but not alongside scrypt. However, it means that plugins which start using labels would as a side-effect never have their headers greased. This might be fine (and in fact would probably be a nice side-effect for corp usage, where you probably don't want random extra stanzas), but would be annoying for e.g. postquantum-only headers.
There was a problem hiding this comment.
It's indeed a greasing loss, but probably worth it to keep the implementation general. Empty label set sounds right.
| - The `x25519` recipient stanza has an implicit empty label set. | ||
| - The `scrypt` recipient stanza has an implicit label set containing a single | ||
| random label. |
There was a problem hiding this comment.
It's indeed a greasing loss, but probably worth it to keep the implementation general. Empty label set sounds right.
| treat the plugin's recipient stanzas has having an empty label set. | ||
| - The `x25519` recipient stanza has an implicit empty label set. | ||
| - The `scrypt` recipient stanza has an implicit label set containing a single | ||
| random label. |
There was a problem hiding this comment.
| random label. | |
| random label. In other words, it can't be combined with any other stanza. |
| - `(extension-labels)` - indicates that the client is using "labels" to constrain | ||
| the recipient stanzas that it will accept. |
There was a problem hiding this comment.
| - `(extension-labels)` - indicates that the client is using "labels" to constrain | |
| the recipient stanzas that it will accept. | |
| - `(extension-labels)` - indicates that the client supports "labels" to constrain | |
| the recipient stanzas and will accept a `labels` command in phase 2. |
| - The order of labels in the command is undefined. Clients MUST treat them as a | ||
| set. |
There was a problem hiding this comment.
| - The order of labels in the command is undefined. Clients MUST treat them as a | |
| set. | |
| - The order of labels in the command is irrelevant. Clients MUST treat them as an | |
| unordered set. |
| more than once. | ||
| - The order of labels in the command is undefined. Clients MUST treat them as a | ||
| set. | ||
| - Response is `(ok)`. |
There was a problem hiding this comment.
| - Response is `(ok)`. | |
| - Response is `(ok)` or an error. |
| postquantum-secure, and that they can only be combined with other stanzas | ||
| that are also postquantum-secure. | ||
| - *Common private label* - used by plugins created by the same private entity | ||
| to permit their recipient stanzas to be used together. For example, private |
There was a problem hiding this comment.
| to permit their recipient stanzas to be used together. For example, private | |
| to permit their recipient stanzas to be used only together. For example, private |
| recipient stanzas it generates in this phase. | ||
| - Labels can have any value, but usually take one of several forms: | ||
| - *Common public label* - used by multiple plugins to permit their recipient | ||
| stanzas to be used together. Examples include: |
There was a problem hiding this comment.
| stanzas to be used together. Examples include: | |
| stanzas to be used only together. Examples include: |
Designed with @FiloSottile.
This extension to
recipient-v1enables clients to require that plugins provide a set of labels at encryption time. These labels are used to restrict which stanzas can appear together in the same file header.We don't make any changes to
identity-v1because decryption time restrictions are pointless: an attacker can drop stanzas or reuse the single stanza.This can be used for