Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits-01
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 17 November 2020 00:09 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC6F83A1738 for <cfrg@ietfa.amsl.com>; Mon, 16 Nov 2020 16:09:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuH6tdGN2AFL for <cfrg@ietfa.amsl.com>; Mon, 16 Nov 2020 16:09:53 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D1E03A1735 for <cfrg@irtf.org>; Mon, 16 Nov 2020 16:09:53 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7ADCBBE6F for <cfrg@irtf.org>; Tue, 17 Nov 2020 00:09:51 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_STfs_9rO_l for <cfrg@irtf.org>; Tue, 17 Nov 2020 00:09:49 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AF088BE64 for <cfrg@irtf.org>; Tue, 17 Nov 2020 00:09:49 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1605571789; bh=YsHysNlm3/UaumesWEevhXeOnTQlWFDizwhEVLX2wLk=; h=To:References:From:Subject:Date:In-Reply-To:From; b=hab0VJjMdY3tl2IxrJ5kPRE+89Win6FRI72DqBfjwdf+4zY4md8/zrCTNGJl1R/YC sbXPAFxyr7gh0pZb3Y8fsFUYmEeGJlQsVzoC4pGVD16kdbBVdcJneDKI1U34HWtI05 /tzWYx9/ufcw0fghDB6TyYFK1F/SyUTrMu5nrLWc=
To: CFRG <cfrg@irtf.org>
References: <A3C540A2-6B18-42E0-8F0F-B4723BC5F0DA@ericsson.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <26fe988b-c2a8-2202-19ed-03b1b2d62d3e@cs.tcd.ie>
Date: Tue, 17 Nov 2020 00:09:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <A3C540A2-6B18-42E0-8F0F-B4723BC5F0DA@ericsson.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="r2onNVOh9qdjXFAz4ggeYK0hLBEoGjt6G"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/M0XvZhLpb1CKgqxxuU_qFOhN8ZE>
Subject: Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits-01
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 00:09:56 -0000
Hiya, I've a higher level question about this topic that came up a bit in the LAKE WG session this morning (my time;-) I'm not sure if this draft would be a good vehicle to address this or not. I'm unsure whether application developers using EDHOC or cTLS or TLS would really make use of drafts such as this to e.g. decide when/whether or not to re-key. ISTM the text in this draft is more useful for authors of other drafts (such as EDHOC etc.) when the want to write security considerations. Now, maybe it's fine to say that's enough for us to do, but (assuming we can't automate re-keying) I do wonder if all that's sufficiently understandable to a normal developer or not? And if not, then I suspect the upshot would be some keys never being changed and thus leaks and attacks (not really due to AEAD limits mind, but more due to the probability of a key leaking over time from a borked or de-commissioned device). So while this draft and similar are exercises well worth doing, I suspect someone somewhere also needs to provide some more prosaic (yet safe) rule-of-thumb guidance to which developers might pay attention. For example, I'd imagine developer-friendly text might say something like "Keys leak from devices. If you can re-key every year, do at least that. If every month, then re-key monthly. If more frequently then great, do it as often as you can afford. And in the limit, theory says you really have to re-key at least as often as section x.y says." Does anyone know of a draft that has text like that? Or would it be good to add it to this one? (In the hope that it'd percolate out via stackexchange or whatever and eventually get to the right audience.) Cheers, S.
- [CFRG] Comment on draft-irtf-cfrg-aead-limits-01 John Mattsson
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Martin Thomson
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Stephen Farrell
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Eric Rescorla
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Stephen Farrell
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Eric Rescorla
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Stephen Farrell
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… John Mattsson
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… John Mattsson
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Martin Thomson
- Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits… Stephen Farrell