[Cfrg] New Version Notification for draft-wood-cfrg-aead-limits-00.txt

Christopher Wood <caw@heapingbits.net> Wed, 20 May 2020 17:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-fwfbfa2JZMkbjQJt-2BTvkZyV0>

Based on recent discussions in the QUIC [1] and TLS [2] working groups, Martin, Felix, and I felt it would be useful if we documented the confidentiality and integrity bounds of AEADs used in those protocols. This is more or less pulling together results documented elsewhere, such as [3], with some additional work for AEAD_AES_128_CCM and AEAD_AES_128_CCM_8 based on [4]. We're also re-examining the AEAD_CHACHA20_POLY1305 bounds offline.

We plan to add more content going forward, including limit simplifications for different protocol scenarios (with different q and v values). 

Do folks think this is work worth continuing? As always, any and all feedback is welcome!

Thanks,
Chris

[1] https://mailarchive.ietf.org/arch/msg/quic/28W4-5HxqHSf62PTICnxKU3izks/
[2] https://mailarchive.ietf.org/arch/msg/tls/QpV0KZILrwUxeEZ3_QUoz74r-P8/
[3] https://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf
[4] https://doi.org/10.1007/3-540-36492-7_7

----- Original message -----
From: internet-drafts@ietf.org
To: "Christopher A. Wood" <caw@heapingbits.net>, Christopher Wood <caw@heapingbits.net>, Martin Thomson <mt@lowentropy.net>, "Felix Günther" <mail@felixguenther.info>, Felix Gunther <mail@felixguenther.info>
Subject: New Version Notification for draft-wood-cfrg-aead-limits-00.txt
Date: Wednesday, May 20, 2020 7:17 AM

A new version of I-D, draft-wood-cfrg-aead-limits-00.txt
has been successfully submitted by Christopher Wood and posted to the
IETF repository.

Name:		draft-wood-cfrg-aead-limits
Revision:	00
Title:		Usage Limits on AEAD Algorithms
Document date:	2020-05-20
Group:		Individual Submission
Pages:		10
URL:            https://www.ietf.org/internet-drafts/draft-wood-cfrg-aead-limits-00.txt
Status:         https://datatracker.ietf.org/doc/draft-wood-cfrg-aead-limits/
Htmlized:       https://tools.ietf.org/html/draft-wood-cfrg-aead-limits-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-wood-cfrg-aead-limits


Abstract:
   An Authenticated Encryption with Associated Data (AEAD) algorithm
   provides confidentiality and integrity.  Excessive use of the same
   key can give an attacker advantages in breaking these properties.
   This document provides simple guidance for users of common AEAD
   functions about how to limit the use of keys in order to bound the
   advantage given to an attacker.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat