Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change max encrypted document and max chunk size #62

Merged
merged 1 commit into from
Aug 5, 2021
Merged

Change max encrypted document and max chunk size #62

merged 1 commit into from
Aug 5, 2021

Conversation

DRK3
Copy link

@DRK3 DRK3 commented Jul 8, 2021
edited
Loading

closes #22

  • Max encrypted document size is now 10MiB (used to be 16MB).
  • Updated some text to indicate that the limit is on Encrypted Documents, not Structured Documents.

@DRK3 DRK3 requested review from csuwildcat, msporny and OR13 as code owners July 8, 2021 19:05
@DRK3
Copy link
Author

DRK3 commented Jul 8, 2021

Feedback from call:

Add normative language

Explain how that limit is calculated (e.g. based on UTF-8 JSON)

@DRK3
Copy link
Author

DRK3 commented Jul 18, 2021

@msporny To make this normative, should the 10MiB limit be moved to https://identity.foundation/edv-spec/#encrypteddocument?

@msporny
Copy link
Contributor

msporny commented Jul 18, 2021
edited
Loading

@msporny To make this normative, should the 10MiB limit be moved to https://identity.foundation/edv-spec/#encrypteddocument?

Yes, it might be better to move the limit there.

As an aside, the thing that makes a statement normative or not is the use of the words (all caps): MUST, SHOULD, MAY, RECOMMENDED... and the rest of the IETF RFC normative statement language -- https://www.rfc-editor.org/rfc/rfc2119.html

ReSpec (the editing tool) is usually good about only letting you use those statements in normative sections of the specification. If you try to use those words in "informative" sections, like the introduction, it'll complain loudly. :)

@DRK3 DRK3 force-pushed the UpdateMaxDocumentSize branch 2 times, most recently from d9a3911 to ec6b02d Compare July 18, 2021 22:29
@DRK3
Copy link
Author

DRK3 commented Jul 18, 2021

@msporny To make this normative, should the 10MiB limit be moved to https://identity.foundation/edv-spec/#encrypteddocument?

Yes, it might be better to move the limit there.

As an aside, the thing that makes a statement normative or not is the use of the words (all caps): MUST, SHOULD, MAY, RECOMMENDED... and the rest of the IETF RFC normative statement language -- https://www.rfc-editor.org/rfc/rfc2119.html

ReSpec (the editing tool) is usually good about only letting you use those statements in normative sections of the specification. If you try to use those words in "informative" sections, like the introduction, it'll complain loudly. :)

Good to know! I've updated my PR to include normative text under the Encrypted Document section.

An encrypted document's size MUST NOT exceed 10MiB.

@DRK3
Copy link
Author

DRK3 commented Jul 18, 2021

Regarding how the limit is calculated - does this standard mandate what character set to use? Should be pick one now? Or maybe we can create an issue to explore this later.

@msporny
Copy link
Contributor

msporny commented Jul 19, 2021
edited
Loading

Regarding how the limit is calculated - does this standard mandate what character set to use? Should be pick one now? Or maybe we can create an issue to explore this later.

Yes, a good question. I expect that we may want to pick some place where it's easy to measure... like "on the wire". So, if your HTTP body is above 10MiB, the request is rejected. How the data is stored behind the API is implementation specific, and so will vary depending on optimizations implementations may do.

If it were me, I'd limit it to sent/received HTTP body size... then the question becomes, is that uncompressed or compressed HTTP body size? I expect that we might want application front-ends to be able to abort when you go above 10MiB without concern for uncompressed size... that is, we want the application servers to be able to abort using a simple rule... "is the HTTP body I'm receiving going above 10MiB? If so, abort... we don't care if it's compressed or uncompressed via gzip." I'll also note that because we're dealing w/ encrypted blobs, gzip compression isn't expected to provide huge savings.

@DRK3
Copy link
Author

DRK3 commented Jul 19, 2021

@msporny HTTP body size (regardless of compression) sounds like a good idea. To me. Anyone else have any comments?

@msporny
Copy link
Contributor

msporny commented Jul 20, 2021

Anyone else have any comments?

@dlongley any thoughts here?

@dlongley
Copy link
Contributor

@DRK3, @msporny,

HTTP body size (regardless of compression) sounds like a good idea. To me. Anyone else have any comments?

+1 to HTTP body size. I can't remember if there will be any frustrating edge cases in implementations with transfer-encoding: chunked or that sort of thing, but we should make the spec say HTTP body size and then get implementation experience.

@DRK3 DRK3 force-pushed the UpdateMaxDocumentSize branch from ec6b02d to e2b0c17 Compare July 22, 2021 19:33
@DRK3
Copy link
Author

DRK3 commented Jul 22, 2021

@msporny @dlongley I've updated my PR to now specify that the size is based on the HTTP body size. Let me know if you can think of any improvements to the wording.

@DRK3
Copy link
Author

DRK3 commented Jul 22, 2021
edited
Loading

Discussed on the July 22, 2021 WG call:

  • Chunk size should be smaller (1 MiB) in order to mitigate DoS attacks (find out more quickly if a chunk is bad) (no objections)

@DRK3 DRK3 force-pushed the UpdateMaxDocumentSize branch from e2b0c17 to 1914ff8 Compare August 4, 2021 01:05
@DRK3 DRK3 changed the title Change max document size Change max document and max chunk size Aug 4, 2021
Change max encrypted document and max chunk size
5e9fdc1 
- Max encrypted document size is now 10MiB (used to be 16MB).
- Max chunk size is now 1MiB (wasn't explicitly defined before).
- Updated some text to indicate that the limit is on Encrypted Documents, not Structured Documents.
@DRK3 DRK3 force-pushed the UpdateMaxDocumentSize branch from 1914ff8 to 5e9fdc1 Compare August 4, 2021 01:06
@DRK3 DRK3 changed the title Change max document and max chunk size Change max encrypted document and max chunk size Aug 4, 2021
@DRK3
Copy link
Author

DRK3 commented Aug 4, 2021

Updated this PR to specify the max chunk size.

dmitrizagidulin
dmitrizagidulin approved these changes Aug 5, 2021
View reviewed changes
Copy link
Contributor

@dmitrizagidulin dmitrizagidulin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@dmitrizagidulin dmitrizagidulin merged commit 42c769a into decentralized-identity:main Aug 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmitrizagidulin dmitrizagidulin dmitrizagidulin approved these changes

@msporny msporny msporny approved these changes

@csuwildcat csuwildcat Awaiting requested review from csuwildcat csuwildcat is a code owner

@OR13 OR13 Awaiting requested review from OR13 OR13 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Max structured document size
4 participants
@DRK3 @msporny @dlongley @dmitrizagidulin