Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
Martin Thomson <martin.thomson@gmail.com> Wed, 01 March 2017 21:18 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1782C127076 for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 13:18:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id enNlGfdcjZEs for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 13:18:22 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0CCD1296BD for <cfrg@irtf.org>; Wed, 1 Mar 2017 13:18:22 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id u188so92613710qkc.2 for <cfrg@irtf.org>; Wed, 01 Mar 2017 13:18:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vrCITNjcd07mVfW48E4dyb9ZT0FeLYXbjNqQymK8pAM=; b=nOSw+LES7Hn4IE3qnSnU2cr5N87fh/JMcaEWSgZAGbNVJfXM2ydtWYuCcvod+6Y3Ei Svqadgsre21VVe3YAcb2/5u9C593pT7dSTsduhl81SY4zvQspaiBiF6Cx3Bqody88w0V J05zf/XIxzKVGRVN4PDYLTplulPCilod1OTw6GRd2GuoAasq8KC5yqLMjG3V5X9fYnXN ZlDzZcTlq27O/DjMiFIjkwmEv9gzMq+GdTEhYJEHrbwEKoPn1NwSpM1iquZDIIm0qGAb VNjWlSHnejSlQALXnZ+tOWdpD2jWajHdU+Z0NwVco9kMHhfTSqj2boSN+8+op3kaQYG/ zH9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vrCITNjcd07mVfW48E4dyb9ZT0FeLYXbjNqQymK8pAM=; b=Z395kgniA0a0SeHM6orCEQClGc0P1jGf0TIXVmVEozzCe8vh3/lXTFauOf+Ysn90GK EDhbOROKjsjJktv7idM89BEJDh81w5rwLs//wZS0ThlseyIOOczgnFC5bIy6MNA7BZll YiLdwl3MBc6lVjmuFdRi2lvzlkrB9ajKeyf7eriTt5xwSbphSCtx7kHdRJ5jz1LfimlD CF1MYkOnvW75MTbLvVmvOHEWzq/PNzGFTqZGVLlEC2qoE+rcNUtdG8mkTH0pxaeTlL1i bgFevix82eEe3FonGempgGqlP3FIRv6J3dj37MiYp7AyJgzDNsOe7vEFT+ALFWZ3Agit 8TNA==
X-Gm-Message-State: AMke39k4/PGTOj2XN1Kl/2HP9AX09NdRyoHZCGaZ3Ttv5TuYGiRWW4ekNPnMrMbPzurHqlujHVHWr01aYtsJlg==
X-Received: by 10.200.46.208 with SMTP id i16mr12941392qta.13.1488403101872; Wed, 01 Mar 2017 13:18:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.19.112 with HTTP; Wed, 1 Mar 2017 13:18:21 -0800 (PST)
In-Reply-To: <D4DC7F7F.3122D%qdang@nist.gov>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com> <26137F3B-5655-44CA-877E-7168CE02DBF1@azet.org> <D4DC341D.311E1%qdang@nist.gov> <2572E3FC-0139-4946-A12D-9D9509C402F1@azet.org> <D4DC4473.311F2%qdang@nist.gov> <D4DC8CDB.8A84E%kenny.paterson@rhul.ac.uk> <D4DC48E2.31204%qdang@nist.gov> <CACsn0cmf1AN1roDpQykoVJgqC-rhvauVwSEvokG9wiCNkk==yw@mail.gmail.com> <D4DC7F7F.3122D%qdang@nist.gov>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 02 Mar 2017 08:18:21 +1100
Message-ID: <CABkgnnVyYGqacWfOWhnO6WRnPebNV=T9+gLnnyo-+hkCN=SvGg@mail.gmail.com>
To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/r9hS7nQ_ZDD7IQICxxMQcZwL1UA>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 21:18:24 -0000
On 2 March 2017 at 05:44, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote: > OK. What is the percentage ? Even all records were small, providing a > correct number would be a good thing. If someone wants to rekey a lot often, > I am not suggesting against that. It will vary greatly depending on circumstance. Most of the time the record size matches the MTU. Other times it matches the write size, which can be only a small number of octets. For bulk transfers it can approach the record maximum. All on the same connection sometimes. I really don't know what you are suggesting here. The point is the accounting in terms of records doesn't really give you any insight into the number of blocks.
- [Cfrg] Closing out tls1.3 "Limits on key usage" P… Sean Turner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Stanislav V. Smyshlyaev
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Paterson, Kenny
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Ilari Liusvaara
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Rene Struik
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Rene Struik
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Martin Thomson
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Andrey Jivsov
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Markulf Kohlweiss
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Tony Arcieri
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Atul Luykx
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Aaron Zauner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Aaron Zauner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Paterson, Kenny
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Watson Ladd
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Martin Thomson
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Dang, Quynh (Fed)
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Brian Smith
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Hal Murray
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Andrey Jivsov
- Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on ke… Yoav Nir
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Sean Turner
- Re: [Cfrg] Closing out tls1.3 "Limits on key usag… Russ Housley