Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

"Dang, Quynh (Fed)" <> Sat, 25 February 2017 14:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 71310129FF3 for <>; Sat, 25 Feb 2017 06:28:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Dc_OhVGsAhlh for <>; Sat, 25 Feb 2017 06:28:43 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1592D129FE4 for <>; Sat, 25 Feb 2017 06:28:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Od3Ef4DCLz8hNSHvVNx4JVtf0Mky28hWGoN9Y+UJaF0=; b=0euVVzJtewUt/61bEEikJmV8WCKJ2Oa0ELUIbJVpXQhm7dSBC0wapO/IC6WmZNUBAq7d1oh1a77edOWvSwmM9nn3avLVnnuG0r4DXOcaANKPRkl9hx1R0SBf4o/u3ZsSnwmt4nbs27mJ1nzmaFPJD4Q4kgirxQ5nxL0rRG0FNDA=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.919.13; Sat, 25 Feb 2017 14:28:40 +0000
Received: from ([]) by ([]) with mapi id 15.01.0919.020; Sat, 25 Feb 2017 14:28:40 +0000
From: "Dang, Quynh (Fed)" <>
To: Sean Turner <>, "<>" <>
Thread-Topic: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
Thread-Index: AQHSj3N1z8IXvDyfJEuMUkRo/k0w1A==
Date: Sat, 25 Feb 2017 14:28:40 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: []
x-ms-office365-filtering-correlation-id: f4717a3b-d5fa-4dc8-7c92-08d45d8a9830
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR09MB1464;
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1464; 7:aFdcPV0BTTlXJbSHfbMQU4d5FIcE57SmcmMXLypSaAfsDrXI2ss3tQGU4ehsxoiTtYPluFI9XNxIqqRWYlLo6hYl41Jw+JXst0MhQFbHAP5se+UJmUAWXQMp8y2qjZQpGuWJb3eXlDpJxYEziF3lKUwTabUsHoKYu5itf5FtA7y04OlyJXvr0mlOSqVdsd1qAjcAenEcqxmPM2g/yhD5sjEe+die/s/P9su4gXFMUc42cgHzFIQcSp6x+4UAOkGoezL0s9hWzVyio4/Wdi7DiOL/gQERAOqlPHlcfAItiiZFQGCAFFGAJ0CuaAGVLQJ9fDgHraDrJkasNdTOUewFbA==
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(166708455590820)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123562025)(20161123564025)(20161123558025)(20161123555025)(6072148); SRVR:CY4PR09MB1464; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1464;
x-forefront-prvs: 02296943FF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39850400002)(39410400002)(39450400003)(39840400002)(39860400002)(189002)(199003)(377454003)(102836003)(5660300001)(3846002)(2950100002)(6116002)(81166006)(6436002)(6506006)(53936002)(19627405001)(7906003)(7696004)(74316002)(7736002)(229853002)(68736007)(2900100001)(8676002)(81156014)(8936002)(86362001)(97736004)(92566002)(54356999)(76176999)(50986999)(55016002)(99286003)(77096006)(38730400002)(105586002)(106116001)(53546006)(101416001)(106356001)(122556002)(6246003)(3280700002)(6606003)(606005)(4326007)(66066001)(2906002)(25786008)(189998001)(33656002)(3660700001)(236005)(9686003)(54896002)(6306002)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1464;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB1464243342F19FCBE48C37E7F3550CY4PR09MB1464namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2017 14:28:40.3925 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1464
Archived-At: <>
Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 25 Feb 2017 14:28:49 -0000

Hi Sean, Joe, Eric and all,

I would like to address my thoughts/suggestions on 2 issues in option a.

1) The data limit should be addressed in term of blocks, not records. When the record size is not the full size, some user might not know what to do. When the record size is 1 block, the limit of 2^24.5 blocks (records) is way too low unnecessarily for the margin of 2^-60.  In that case, 2^34.5 1-block records is the limit which still achieves the margin of 2^-60.

2) To achieve the margin of 2^-57 as the current text says, the limit number should be 2^36 blocks.



From: Cfrg <> on behalf of Sean Turner <>
Sent: Friday, February 10, 2017 12:07 AM
To: <>
Subject: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)


We’ve got two outstanding PRs that propose changes to draft-ietf-tls-tls13 Section 5.5 “Limits on Key Usage”.  As it relates to rekeying, these limits have been discussed a couple of times and we need to resolve once and for all whether the TLS WG wants to:

a) Close these two PRs and go with the existing text [0]
b) Adopt PR#765 [1]
c) Adopt PR#769 [2]

Please indicate you preference to the TLS mailing list before Feb 17.  Note that unless there’s clear consensus to change the text will remain as is (i.e., option a).


Cfrg mailing list