Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Watson Ladd <watsonbladd@gmail.com> Wed, 01 March 2017 18:37 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52B90129668 for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 10:37:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EcPHZd_yBmnw for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 10:36:59 -0800 (PST)
Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 730DF12964E for <cfrg@irtf.org>; Wed, 1 Mar 2017 10:36:59 -0800 (PST)
Received: by mail-wm0-x22a.google.com with SMTP id 196so30956770wmm.1 for <cfrg@irtf.org>; Wed, 01 Mar 2017 10:36:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=u/zHggTYzfNirQVlKzJwj+TEM4D6LxIhVdKeKly5QQU=; b=rO7X1N66J3AE5uTmb9P7Z7RqX6tWi4gMsDzf7+iHHoFGDQMJgh/6D4FNoOTYC6f+sI oQFm6LlVEBrgmgQ6/Li4mhTGk3K0ouvq1fhuGhADv5KUZWn6Oq0neC2xYjClHR4Q6VzO SDBw6oC/UHeLIB9Zfgen1D6mbvjPBZpfynw7x6R4lzZf9sND7Zr8u68rYXZ8olwvMfIi CKxu++ePyf8TEBo7it/aWGbZxdbzolLmc7IYkQzs376OmlNqpEQwYjmqmthfu4jzrS1n xMpFT6QXqPhP0tg/g3vusLlF0r5/7UoXxGzaiWKy2c/yoPmBwC3+tcwKrbsKcDgkTmmN EC3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=u/zHggTYzfNirQVlKzJwj+TEM4D6LxIhVdKeKly5QQU=; b=DywcfVzptelIybhD3pNictI/kVIfh35F6//Io7XqGA4x4Dtlqhxw9nfy9DbW9G7DNU 1pXi4vnmslxlkF4OO+mg1ywT0oQCvcB4pIrZWvSXbMgVA4amsqD0Lq85QRqb8YT9NTw0 DAN94TyhM8Ru+uTCKvPWTjAKsks7qJ8xMIBXpmZaMp9saMlw9L0OTuO4xRDuq1O0Gab0 1jALY1esQq6UpPLUfKBmRHY7gU7iBfcJ43X+0cGOnjSolfD3lP4ATJfGNgS698wvR+kW G0hwX2+GF6twNgZCMkb903olHDc6MzmsNO+wdyYAlMIndlySgfVz9KBnLyBitT8trguA bpIA==
X-Gm-Message-State: AMke39nMmKenjfMCB8Rw4vfAMf7rRWl5PlKZEyllNRlggTgWlxDhH1Btsj8GR02Q106pe36E9a02lrErlGwSzQ==
X-Received: by 10.28.165.147 with SMTP id o141mr4160034wme.67.1488393417898; Wed, 01 Mar 2017 10:36:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.163.2 with HTTP; Wed, 1 Mar 2017 10:36:57 -0800 (PST)
Received: by 10.223.163.2 with HTTP; Wed, 1 Mar 2017 10:36:57 -0800 (PST)
In-Reply-To: <D4DC48E2.31204%qdang@nist.gov>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com> <26137F3B-5655-44CA-877E-7168CE02DBF1@azet.org> <D4DC341D.311E1%qdang@nist.gov> <2572E3FC-0139-4946-A12D-9D9509C402F1@azet.org> <D4DC4473.311F2%qdang@nist.gov> <D4DC8CDB.8A84E%kenny.paterson@rhul.ac.uk> <D4DC48E2.31204%qdang@nist.gov>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 1 Mar 2017 10:36:57 -0800
Message-ID: <CACsn0cmf1AN1roDpQykoVJgqC-rhvauVwSEvokG9wiCNkk==yw@mail.gmail.com>
To: "Dang, Quynh" <quynh.dang@nist.gov>
Content-Type: multipart/alternative; boundary=001a114b40aef5c17a0549af98f0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4IY2pUQvRM5wc72JqHqnsRd06zk>
Cc: cfrg@irtf.org, tls@ietf.org
Subject: Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 18:37:01 -0000

That is not how HTTP works. Lots of records are small because they result
from small writes.

On Mar 1, 2017 6:48 AM, "Dang, Quynh (Fed)" <quynh.dang@nist.gov> wrote:

>
>
> From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
> Date: Wednesday, March 1, 2017 at 9:38 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>ov>, Aaron Zauner <azet@azet.org>
> Cc: IRTF CFRG <cfrg@irtf.org>rg>, "<tls@ietf.org>" <tls@ietf.org>
> Subject: Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
> Hi,
>
> On 01/03/2017 14:31, "TLS on behalf of Dang, Quynh (Fed)"
> <tls-bounces@ietf.org on behalf of quynh.dang@nist.gov> wrote:
>
> From: Aaron Zauner <azet@azet.org>
> Date: Wednesday, March 1, 2017 at 9:24 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>
> Cc: Sean Turner <sean@sn3rd.com>om>, "<tls@ietf.org>" <tls@ietf.org>rg>, IRTF
> CFRG <cfrg@irtf.org>
> Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
>
>
>
>
> On 01 Mar 2017, at 13:18, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> From: Aaron Zauner <azet@azet.org>
> Date: Wednesday, March 1, 2017 at 8:11 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>
> Cc: Sean Turner <sean@sn3rd.com>om>, "<tls@ietf.org>" <tls@ietf.org>rg>, IRTF
> CFRG <cfrg@irtf.org>
> Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
> On 25 Feb 2017, at 14:28, Dang, Quynh (Fed) <quynh.dang@nist.gov>
> wrote:
> Hi Sean, Joe, Eric and all,
> I would like to address my thoughts/suggestions on 2 issues in option
> a.
> 1) The data limit should be addressed in term of blocks, not records.
> When the record size is not the full size, some user might not know
> what to do. When the record size is 1 block, the limit of 2^24.5
> blocks (records) is way too low unnecessarily for
> the margin of 2^-60.  In that case, 2^34.5 1-block records is the
> limit which still achieves the margin of 2^-60.
>
> I respectfully disagree. TLS deals in records not in blocks, so in the
> end any semantic change here will just confuse implementors, which
> isn't a good idea in my opinion.
>
> Over the discussion of the PRs, the preference was blocks.
>
>
>
> I don't see a clear preference. I see Brian Smith suggested switching to
> blocks to be more precise in a PR. But in general it seems to me that
> "Option A" was preferred in this thread anyhow - so these PRs aren't
> relevant? I'm not sure that text on key-usage
> limits in blocks in a spec that fundamentally deals in records is less
> confusing, quite the opposite (at least to me). As I pointed out
> earlier: I strongly recommend that any changes to the spec are as clear
> als possible to engineers (non-crypto/math people)
> -- e.g. why the spec is suddenly dealing in blocks instead of records
> et cetera. Again; I really don't see any reason to change text here - to
> me all suggested changes are even more confusing.
>
>
>
>
> Hi Aaron,
>
>
> The  technical reasons I explained are reasons for using records. I don’t
> see how that is confusing.
>
>
> If you like records, then the record number = the total blocks / the
> record size in blocks: this is simplest already.
>
>
> That formula does not correctly compute how many records have been sent on
> a connection, because the record size in blocks is variable, not constant.
> You can modify it to get bounds on the total number of records sent, but
> the bounds are sloppy because some records only consume 2 blocks (one for
> encryption, one for masking in GHASH) while some consume far more.
>
> It's simpler for an implementation to count how many records have been
> sent on a connection .... by using the connection's sequence number. This
> puts less burden on the implementation/implementer.
>
>
> I think the record size is configurable and it does not change regularly
> in the same session (or connection).  Somebody corrects me here!
>
> Quynh.
>
>
>
> Cheers
>
> Kenny
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>