Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Yoav Nir <ynir.ietf@gmail.com> Fri, 03 March 2017 09:22 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <3F458D44-2232-498C-944F-C3F72A53291A@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_E2B79941-1801-4DDA-9E97-E175F83AF075"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Fri, 03 Mar 2017 11:22:08 +0200
In-Reply-To: <cd2835c7-d093-60b0-df9c-998d77a6a26e@brainhub.org>
To: Andrey Jivsov <crypto@brainhub.org>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com> <26137F3B-5655-44CA-877E-7168CE02DBF1@azet.org> <D4DC341D.311E1%qdang@nist.gov> <2572E3FC-0139-4946-A12D-9D9509C402F1@azet.org> <CAFewVt5gCGrGrJRMQFiqXP_zeNONS45VhmJWYiyXyTkKt6ezPw@mail.gmail.com> <cd2835c7-d093-60b0-df9c-998d77a6a26e@brainhub.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/nLE3cr5YBIHtO5yrd4RQ7eiiKxo>
Cc: cfrg@ietf.org, "tls@ietf.org list" <tls@ietf.org>
Subject: Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
Precedence: list

Hi

As an implementer I have no problem counting records, bytes or blocks (OK, the last you usually don’t count directly but (n+15)/16 is not beyond the capabilities of any implementer)

So IMO whichever gives the tightest bound should be selected, and that means blocks.

Exercising the rekey code is up to developers, not document writers.

Yoav

Attachment: signature.asc

[Cfrg] Closing out tls1.3 "Limits on key usage" P… Sean Turner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Stanislav V. Smyshlyaev
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Paterson, Kenny
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Ilari Liusvaara
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Rene Struik
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Rene Struik
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Markulf Kohlweiss
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Tony Arcieri
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Watson Ladd
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Brian Smith
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Hal Murray
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Sean Turner
Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Russ Housley

Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Attachment: signature.asc