How much of AAD is actually necessary?

[vasilvv]

The draft defines:

SECURE_OBJECT_AAD {
    Key ID (i),
    Group ID (i),
    Object ID (i),
    Track Namespace (..),
    Track Name Length (i),
    Track Name (..),
    Serialized Immutable Extensions (..)
}

My observation:

• Key ID is already in Serialized Immutable Extensions
• Group ID and Object ID are in the nonce construction.
• Full Track Name is already bound through the key derivation.

I don't mind the integer ones that much, but full track name has the annoyance of being variable-size and potentially large, so it would be nice if we could avoid unnecessary per-message overhead.

[fluffy]

This is good point and I need to think more about the answer.

I wanted to add one point to note on this ... we are trying to keep this cryptographically isomorphic with SFrame, and SFrame does AAD across the header which includes CTR and KID. This GroupID and ObjectID form the equivalent of CTR. So to match sframe, I think we need thoses but that does not answer if Full Track Name is also needed. I'd like to better understand why these are included in SFrame.

[fluffy]

Need to consider the case where two tracks in the same namespace share the same keyID and secret and make sure that a relay can not swap objects between tracks.