Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
Brian Smith <brian@briansmith.org> Thu, 02 March 2017 21:44 UTC
To: Aaron Zauner <azet@azet.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/XEaK69ylbT9oxVhFaVU1zaSC5QE>
Cc: IRTF CFRG <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>

Aaron Zauner <azet@azet.org> wrote:
> I'm not sure that text on key-usage limits in blocks in a spec
> that fundamentally deals in records is less confusing, quite
> the opposite (at least to me).

1. Consider an implementation that negotiates with another implementation to use a very large record size such as 1MB records. If the limit is specified in terms of records then the limit would need to be readjusted to the new max record size, or else the new extension is potentially unsafe to use. This shows that specifying the limits in terms of records is brittle.

2. If it is only safe to use an AES-GCM key for a certain number of blocks, where in the code is the best place to enforce the limit on the number of blocks? IMO, it is better to enforce it in the AES-GCM implementation itself, underneath the TLS layer. In that case the limit is best expressed in terms of the number of blocks. Specifying the limit in terms of records would be optimizing for implementations that enforce the limit at the wrong layer of abstraction.

> As I pointed out earlier: I strongly recommend that any changes
> to the spec are as clear as possible to engineers
> (non-crypto/math people) -- e.g. why the spec is suddenly
> dealing in blocks instead of records et cetera. Again; I really
> don't see any reason to change text here - to me all suggested
> changes are even more confusing.

Given a limit in blocks, the arithmetic to keep track of the number of blocks is trivial, and very similar to the arithmetic that's already needed to split up a large byte stream into records and keep track of the record sequence number.

Cheers,
Brian
--
https://briansmith.org/
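
An added illustration of the two numbered points in the message above (not part of the original message, and not code from any TLS or AEAD library): a block counter kept beside the AEAD key, compared with a record-count limit once the record size grows from 16 KiB to 1 MiB. `KeyBudget`, the function names and the 2^20-block budget are constructed for the example; counting only plaintext blocks is an assumption.

```rust
// Added example: block-based key-usage accounting kept under the record layer.
// The budget used in main() is a constructed value, not a limit from the thread.
const BLOCK_LEN: u64 = 16; // AES block size in bytes

#[derive(Debug, PartialEq)]
pub struct KeyExhausted;

/// Blocks consumed by one seal. Assumption: only plaintext blocks are counted.
pub fn blocks_for(len: u64) -> u64 {
    len / BLOCK_LEN + u64::from(len % BLOCK_LEN != 0)
}

/// Hypothetical counter an AEAD implementation could keep next to its key.
pub struct KeyBudget { used: u64, limit: u64 }

impl KeyBudget {
    pub fn new(limit: u64) -> Self { KeyBudget { used: 0, limit } }

    /// Call before encrypting; refuses the whole message if it would cross the limit.
    pub fn reserve(&mut self, plaintext_len: u64) -> Result<u64, KeyExhausted> {
        let total = self.used.checked_add(blocks_for(plaintext_len)).ok_or(KeyExhausted)?;
        if total > self.limit { return Err(KeyExhausted); }
        self.used = total;
        Ok(self.limit - total) // blocks still available under this key
    }
}

/// Records of `record_len` bytes that fit under a block budget before a rekey.
pub fn records_until_rekey(block_limit: u64, record_len: u64) -> u64 {
    assert!(record_len > 0, "empty records consume no blocks and never exhaust the key");
    let mut key = KeyBudget::new(block_limit);
    let mut n = 0;
    while key.reserve(record_len).is_ok() { n += 1; }
    n
}

/// Blocks that a fixed record-count limit actually permits at a given record size.
pub fn blocks_under_record_limit(record_limit: u64, record_len: u64) -> u64 {
    record_limit * blocks_for(record_len)
}

fn main() {
    let budget = 1u64 << 20; // constructed block budget
    let (small, large) = (1u64 << 14, 1u64 << 20); // 16 KiB and 1 MiB records
    let rec_limit = records_until_rekey(budget, small);
    println!("block limit: {} small or {} large records per key",
             rec_limit, records_until_rekey(budget, large));
    println!("record limit {} at 1 MiB records permits {} blocks (budget {})",
             rec_limit, blocks_under_record_limit(rec_limit, large), budget);
}
```

With the block counter the key is retired after the same amount of keystream at either record size, while the record count tuned for 16 KiB records lets 64 times the budget through at 1 MiB.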