IETF Logo Mail Archive

Re: [CFRG] Can you help me with this?

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Sun, 25 July 2021 17:56 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41DD53A33B2 for <cfrg@ietfa.amsl.com>; Sun, 25 Jul 2021 10:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.594
X-Spam-Level:
X-Spam-Status: No, score=-9.594 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Qy8qVpll; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=nmMxeX07
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IOkm_nrO4tHY for <cfrg@ietfa.amsl.com>; Sun, 25 Jul 2021 10:56:30 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91DD83A33B1 for <cfrg@irtf.org>; Sun, 25 Jul 2021 10:56:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11472; q=dns/txt; s=iport; t=1627235790; x=1628445390; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=/Z1oYTxsGW4vbAhZel5g+gT+MJpM3OUH/QnA3DhyOKc=; b=Qy8qVpll3yjmpY+IhVAlWPKbI8fhz8PEHTqmFBCB4cfYvnmr6yZ32jg4 cLZN2qP3z5+EwmLowb/IFbVk3LzBqHYXU/jYgBboIFVqx3ddC7u4KPPQm 57NrnQupFsb1m4XGVBSwgfKy5aceyHyLlyXqVf+1addXW9Cd6U8l733Sy k=;
IronPort-PHdr: A9a23:Ahzk3B2gfKF/izi7smDPtVBlVkEcU/3cMQsc655hgLVLIeyv/JXnaUrY4/glzFrERp7S5P8Mje3K+7vhVmoN7dfk0jgCfZVAWgVDhZAQmAotU8GAAEz/avXtan9yEMFLTlQw+Xa9PABcE9r/YFuHpHq04HYSFxzzOBAzKP7yH9vZjt+80Ka5/JiACzg=
IronPort-HdrOrdr: A9a23:cHW3v6r/dKzDENXLNU61MDIaV5uJL9V00zEX/kB9WHVpm5Oj9vxGzc506farslkssSkb6K+90KnpewK6yXcH2/huAV7CZnimhILMFuFfBOTZskbd8kHFh4tgPOJbAtRD4b7LfBhHZKTBkXOF+r8bqbHtms3F9ISurUuFDzsaFp2IhD0JbDpzZ3cGPDWucqBJbaZ0iPA3wwaISDAyVICWF3MFV+/Mq5ngj5T9eyMLABYh9U2nkS6owKSSKWna4j4uFxd0hZsy+2nMlAL0oo+5teug9xPa32jPq7xLhdrazMdZDsDksLlWFtyssHfsWG1SYczEgNkHmpDo1L/sqqiUn/4UBbU215oWRBDsnfKi4Xi67N9k0Q6S9bbRuwqSnSW+fkNhNyKE7rgpLicwLCEbzYxBOetwrhGknosSAhXakCvn4d/UExlsi0qvuHIn1fUelnpFTOIlGfJsRKEkjQho+a07bWjHAUEcYZ5TJdCZ4OwTfUKRbnjfsGUqyNuwXm4rFhPDRkQZoMSa3zVfgXg8liIjtYMit2ZF8Ih4R4hP5uzCPKgtnLZSTtUOZaY4AOsaW8O4BmHEXBqJOmOPJlbsEr0BJhv22tLKyaRw4PvvdI0DzZM0lpiEWFREtXQqc0arEsGK1I0jyGGEfIx8Z0Wl9ih63ek2hlTRfsufDcSzciFZryL7mYRsPiTyYYfGBK5r
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AfDAARpf1g/4wNJK1aHgEBCxIMgg4LgSMwUQd3WjcxhEeDSAOFOYhbA4pYilmFAIEugSUDVAsBAQENAQEqAQoMBAEBhFgCF4JlAiU1CA4CBAEBARIBAQUBAQECAQYEexOFaA2GQgEBAQQBARARChMBASwLAQ8CAQgRBAEBKAMCAgIfBgsUCQgCBAENBQgXA4JQgX5XAy8BDpwmAYE6AoofeoEygQGCBwEBBgQEhRANC4I0AwaBOoJ8hAwBAYEYhUsIHxyBSUSBFUOCMjA+giArFwGBYysJgmE2gi6CIn08fVuBBA6VfYg6nnRcCoMmmF+FehKDY5IdkGOWCo9olSYCBAIEBQIOAQEGgWEBOYFZcBU7gmlQGQ6OH4NxhRSFSnM4AgYBCgEBAwmLSAEB
X-IronPort-AV: E=Sophos;i="5.84,269,1620691200"; d="scan'208,217";a="898389983"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 25 Jul 2021 17:56:29 +0000
Received: from mail.cisco.com (xbe-rcd-007.cisco.com [173.37.102.22]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 16PHuSm5012041 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Sun, 25 Jul 2021 17:56:29 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xbe-rcd-007.cisco.com (173.37.102.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Sun, 25 Jul 2021 12:56:28 -0500
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Sun, 25 Jul 2021 12:56:28 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Sun, 25 Jul 2021 13:56:28 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PxPOkGRZIe3KvSZeeqb3qB5JKpnNwDoLR1EmaEnIpHVLrVtp8Fus11bm6fXLCra72+LlT716pI+3jx9vTtPzILpOhSMKJypWESATWal3e+DowqLkeKytG3uo/pJcA+BXdP8/Y+PuM16bPUBjMreHe3csVTcEcEv8Je8PnmCd1AUsMMvZQJEBQwL7ep+7PFa6Sv7wdlhtWcj5S444DlRfv/dD+27KON8dJ2yxam7cEBTrzgboKnGDIlGjdBCh5T+re39EbZsb+s2FMYil75FH4DpOarikQmlJuQnYMchxkcT/ubPBi4hOyGMtCuydGIDAO5Ch5okgKmd9uwSHt10qog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/Z1oYTxsGW4vbAhZel5g+gT+MJpM3OUH/QnA3DhyOKc=; b=PQT42yuULF1v7QaRQdFMtdOJ0hjD+cCTDkzqmNRY+ngKcy0pOE61yazZXqB1MfkfJOjBMT/SszcxbVrk/4EQpAlRK9d9LBH/Vb/ef1gqN+JYkSSb99Vt4C3RGFqv/54gYlX/kWlSeg9Em89kqUYVDP/jkfeFb9qLkN0Q42GV1LdT2PUrEsvZc7LQd0N8Ip1CKYdT8sOtjuD9EDOQ8t05MZF3Y8ijkwevo41lpB92L6xEvDlEXpUz7U3GX6sdxC0rcU28ejedXr3ij4Vpq4xybJFjfgWthMrdiJJDRo8Ewf1abBCYGeSAWn6uSKuhDs1a19222iUsQ3lr475EFon3qQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/Z1oYTxsGW4vbAhZel5g+gT+MJpM3OUH/QnA3DhyOKc=; b=nmMxeX073msknWBZ0yJe5hrYUEyvBHUEzg1/cfCpHr7Yj+3oN2TxN5ZRt6nPzafE1zP6aLgpZ3SnEW8/Rn3NO8uY2+whazztDP6LD4HN20AuI2yjg4sXsZJtoQ6GYFnVjAD3DVrQS1IeRtscW9A4Pji+k5wKFojnXATZkhqVefU=
Received: from BL3PR11MB5682.namprd11.prod.outlook.com (2603:10b6:208:33d::18) by MN2PR11MB4319.namprd11.prod.outlook.com (2603:10b6:208:193::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24; Sun, 25 Jul 2021 17:56:27 +0000
Received: from BL3PR11MB5682.namprd11.prod.outlook.com ([fe80::10cc:9b86:5495:ce4b]) by BL3PR11MB5682.namprd11.prod.outlook.com ([fe80::10cc:9b86:5495:ce4b%7]) with mapi id 15.20.4352.031; Sun, 25 Jul 2021 17:56:26 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Soatok Dreamseeker <soatok.dhole@gmail.com>, Adnan Rashid <adnanrashidpk@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [CFRG] Can you help me with this?
Thread-Index: AQHXgJ1S9kvrf4l0dkiFRtfL4Wf0RatSvgwAgAE7OZA=
Date: Sun, 25 Jul 2021 17:56:26 +0000
Message-ID: <BL3PR11MB5682858FDEEA0CF50A007AABC1E79@BL3PR11MB5682.namprd11.prod.outlook.com>
References: <CAGm_172fyiRdByRvp_Cd9C7ZZwB=vOS5OTpRz+-Dy4iF_m+GrQ@mail.gmail.com> <CAOvwWh2H4kbLfJhxQNVoWkosuL88V_rbX9Pw9FJqcdzx7XhY9A@mail.gmail.com>
In-Reply-To: <CAOvwWh2H4kbLfJhxQNVoWkosuL88V_rbX9Pw9FJqcdzx7XhY9A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 05706f10-062c-4778-d5bb-08d94f958616
x-ms-traffictypediagnostic: MN2PR11MB4319:
x-microsoft-antispam-prvs: <MN2PR11MB43194A1082E2F80B78689D7FC1E79@MN2PR11MB4319.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XjrniCJwGbl5/q8lwXnlpO02nP8RcL/xKxGsnjFLtLvIxw0Lp+wpnI+EmxemunSq7R/N0oO92g5ftrMu2tAU2D+OcbsNEeV/wWQ00oohHLS1wzBhnVyy3Ka7kQtJlWSuR8k3k3HzuxmmhbNG3NuOWn/181Cz/MQHywA7OyaLMpCM109zPi27jqNGitxx5Fz8Qz/bpIXdNGea4nDyrnNc7UqGWe2sQmWLi/205aGcfybAptIou38Ih8uRLYAUTn5nnTrd7G/pa6zg2U5HkdwqhAnHNhz+IM2sch5XA09cH0gwqvIdKQ5JMIIdvdvnE/IpBT/logOlY0AdK7wX/0fHR/MXMV9DTOGehRI32gaf1vsXPmJZ+bNRuYMgcSOzeW2ZNKRxat1IyeLUy50o0wa2bdhPAJHA6YFRnhl2RkoNUTBDkI7TfdtbUeJ7G6eYJfF5cJEx3cDNN1siQSZy4eJ8ddI9as/flLvb/a8/0+rfg1HW2vLT6+NrsURCyV72wEX8UyeKMn1nXPwlyBLoQuhdc4a3Os/SAKJBVmJEj5ivX82CjLW/qYEvxxfH5g2WQpvLh3ZueTvHrnDggRkBcMHQFTshuHgxaKwlgudbyCUGcBqkQ4lgELt38TF/PUW0uILYzfXDeibIKzZGTIaepWT8uV6TUEP5NkcQmIG8dOSqq/pPCyfaOWWK5m7GLxC+I7cCoaRrVr9LKXUQCzkLTlf9TylZIeFx0Lz2FLFoyIl3Gc9LQAJrApBQ6G89jQs5sEWGiUoDGGi6c8qoMVkbU495HQkaQiG04TDkCYuFSRzBV2L2DvFsCeZGfGLhm2nISKpF
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL3PR11MB5682.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(39860400002)(136003)(366004)(396003)(84040400004)(71200400001)(76116006)(4326008)(66556008)(166002)(2906002)(66946007)(66476007)(64756008)(86362001)(33656002)(83380400001)(966005)(478600001)(7696005)(52536014)(8676002)(186003)(6506007)(9686003)(53546011)(316002)(26005)(122000001)(8936002)(110136005)(38100700002)(5660300002)(55016002)(66446008)(182903001)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kdMAQGwXGj8E0DyEQjWoc9lv6CJrED/MSdyADccOlgXYXJPJHgCwWm+RTRmfycQpRLmTbmw1Aqgoi0Q+jwmqf1h4teLQOdYiLHrXGjhLFtZIanEhrAcrLMwpLFbWR1ZdoODGvSRt/v+jzLjmHcKz5Sbf9ovwUfQ60V3ozWZkjC8rvKab00dUHx2nNcE+F9+dZswdP89pUacyCcr3vZZ0qq6fWzo5FtZ4x7kk+LGFOl5Dl1Kj0LzBJ1TfdqFn6ULVWOVErSHOE/UxzcSvCwrnsckj36HOVtwvOXIlfqp4K0C3dYOLG36FRMn58bRN6QnkJh9KMkdfFCQotgeEmMawvryEhxrzVJd3x2k8po2rDukwrw/PoEcutwUq0PO1nd+3SCIK0G5SKAdRwa+NWG5CuLofDFJANLeedMNz6YAkRVjpZXKa5WhO/I6TRdCyQcS+5274sVNuVHdSwZzecc1QRhvcjF5BG4e61fixCtTyZwnaCsfWCX6Q7PDqGhF4HCjvmia8k6agKU40BU+mxGlZyTlp3Tfwb6rJXt4NMH4k8CeltA7N1uhcb6g9eEfvMZGSb2xeS5A/2VpERLypNSOPA24INnop3p/ADeo0vqWsWhl0nTZagLlSTa8DJCezROSHBOI6agX85Yz2nfzsjfytieLE+CWk9E/xMTYZFJhZoT35ikZN5dKfX/SFmXST9nuDKTkSS7SEb7BMplRZ3QiriufDuvZysg27/osxJNjuXFlDaLjolO4UeICxC1bCJ4LlTyVr9q8AKJ3rcqoSrfVX8ybowwulXvGkL1B6AZJkOWu05oYjJdMIA6e65KU+csP3G9Z2KWqITpK9YMxUS3Iv4+it6pa+L38UEY33DeVJeFNMjGDLND6tbcYzOZ+xYMHm/Vk+qZ0FN29cypL9ZZkzxow7D5Fl8n39b+0Bp25jcl2HjFUi2Zd4khv5BPFivh6++Kwm8TzK5vI2YLlC0mnqWZQ4VGM1txKDIs1ExgcPPPmaCbf5tyOdRCTTlB51YgQ37LRAWo8ZgpKmS1x/ocnTkLHRqb3SpHWvLL64cfRq/x7Ft/UXOd8vYHOOjtj56gsX4f8sIKoXaQabgdR5K7eHbuRNquhiGHl46csV5LJyLf+ruvx1kuJJPgSnrtWeCPQ6VwWNcvUkJDNgkQCrjhbt4ojS1nUQnKKLxBu1h2WZADfcVulqMPgMNtw3newpUsHat8Q87vVJiabQWMDn7w2qocW1ADeVq8jl2oTPR9mI6NIZN7IXV3nQRYmdHlChLqTblsSkL678BsFRcpyhxBMCDZ5V4LfQzquSt1qYmtBIfpcMhX8/FasqzrpUUJTvbvpP
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BL3PR11MB5682858FDEEA0CF50A007AABC1E79BL3PR11MB5682namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL3PR11MB5682.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 05706f10-062c-4778-d5bb-08d94f958616
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2021 17:56:26.6258 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: h1me2rSG8SUYaoHsclb++KVIBy50AHdTaivFKLaQIjiU498tXj0M5/bgV0sXS/QIuYRwKkTSazK7Raa19fc2Nw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4319
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.22, xbe-rcd-007.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Qmp3itaPLurj0G2VXmyWm0evPhQ>
Subject: Re: [CFRG] Can you help me with this?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2021 17:56:35 -0000

“Read the TLS RFC” isn’t a great answer, because TLS assumes a reliable transport; that is, records won’t be dropped or reordered (absent enemy action).  That assumption is mentioned in the first sentence of the introduction of the RFC, but the implications are not spelled out.

Certainly, assuming a reliable transport is one viable approach.  However, if you can’t make that assumption (and sometimes we can’t), what we do is include the nonce in the encrypted packet; that way, it doesn’t matter if previous packets were dropped, as the current packet has sufficient context (that is, nonce) for the receiver to decrypt.

From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Soatok Dreamseeker
Sent: Saturday, July 24, 2021 7:00 PM
To: Adnan Rashid <adnanrashidpk@gmail.com>
Cc: cfrg@irtf.org
Subject: Re: [CFRG] Can you help me with this?

3. Check out the TLS 1.3 RFC for specifics.



Questions:

  1.  How do Alice and Bob know the exact nonce for a particular packet? Because packets may be dropped.


Regards,
ADNAN

_______________________________________________
CFRG mailing list
CFRG@irtf.org<mailto:CFRG@irtf.org>
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email