Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Andrey Jivsov <crypto@brainhub.org> Sun, 12 February 2017 19:28 UTC

To: Martin Thomson <martin.thomson@gmail.com>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <f4503c6d-5274-83c5-65be-4bb70d59a24a@brainhub.org> <CABkgnnXRswsqDHxeXeoAann5wkZxk1-uZMEi_uyFTJ1yvFAuiQ@mail.gmail.com>
From: Andrey Jivsov <crypto@brainhub.org>
Message-ID: <c191662f-5aa1-291b-ba44-c8d2a4c2bf1b@brainhub.org>
Date: Sun, 12 Feb 2017 11:28:18 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnXRswsqDHxeXeoAann5wkZxk1-uZMEi_uyFTJ1yvFAuiQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/7gZ9ItZTseSdXHzwZW0vn1pWdXU>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)
Precedence: list

On 02/12/2017 01:44 AM, Martin Thomson wrote:
> On 12 February 2017 at 09:26, Andrey Jivsov <crypto@brainhub.org> wrote:
>> How should an implementer read [0]? If an implementation sends or receives
>> shorter records, it has to re-key sooner.
>
> [0] (the current text) says that there is a maximum number of records.
> That's pretty straightforward.  You are required to count them anyway.
> No accounting for partial records and other such things.
>
> If that means rekeying sooner, I'd like evidence that this is in some
> way harmful.  I think that it's fine.
>
> I'm not disagreeing with the notion of correctness that has been
> discussed on this thread and elsewhere, just offering a different set
> of criteria upon which you might make this decision.
>
> Ilari made a related point: if you don't rekey occasionally, you might
> as well just forget the whole mechanism.  Given the actual limit - for
> even the most conservative option, [0] - is so large that common usage
> will never hit it, that means rekeying even more often than any
> idealized 2^52 octets.
>

I don't disagree with the above.

If the stack shares code with 3DES, that code will probably count in 
bytes. This logic can be reused with TLS 1.3. Then the code can be 
tested with 3DES.

[Cfrg] Closing out tls1.3 "Limits on key usage" P… Sean Turner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Stanislav V. Smyshlyaev
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Paterson, Kenny
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Ilari Liusvaara
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Rene Struik
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Rene Struik
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Markulf Kohlweiss
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Tony Arcieri
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Watson Ladd
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Brian Smith
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Hal Murray
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Sean Turner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Russ Housley