Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Martin Thomson <martin.thomson@gmail.com> Wed, 01 March 2017 21:18 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1782C127076 for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 13:18:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id enNlGfdcjZEs for <cfrg@ietfa.amsl.com>; Wed, 1 Mar 2017 13:18:22 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0CCD1296BD for <cfrg@irtf.org>; Wed, 1 Mar 2017 13:18:22 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id u188so92613710qkc.2 for <cfrg@irtf.org>; Wed, 01 Mar 2017 13:18:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vrCITNjcd07mVfW48E4dyb9ZT0FeLYXbjNqQymK8pAM=; b=nOSw+LES7Hn4IE3qnSnU2cr5N87fh/JMcaEWSgZAGbNVJfXM2ydtWYuCcvod+6Y3Ei Svqadgsre21VVe3YAcb2/5u9C593pT7dSTsduhl81SY4zvQspaiBiF6Cx3Bqody88w0V J05zf/XIxzKVGRVN4PDYLTplulPCilod1OTw6GRd2GuoAasq8KC5yqLMjG3V5X9fYnXN ZlDzZcTlq27O/DjMiFIjkwmEv9gzMq+GdTEhYJEHrbwEKoPn1NwSpM1iquZDIIm0qGAb VNjWlSHnejSlQALXnZ+tOWdpD2jWajHdU+Z0NwVco9kMHhfTSqj2boSN+8+op3kaQYG/ zH9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vrCITNjcd07mVfW48E4dyb9ZT0FeLYXbjNqQymK8pAM=; b=Z395kgniA0a0SeHM6orCEQClGc0P1jGf0TIXVmVEozzCe8vh3/lXTFauOf+Ysn90GK EDhbOROKjsjJktv7idM89BEJDh81w5rwLs//wZS0ThlseyIOOczgnFC5bIy6MNA7BZll YiLdwl3MBc6lVjmuFdRi2lvzlkrB9ajKeyf7eriTt5xwSbphSCtx7kHdRJ5jz1LfimlD CF1MYkOnvW75MTbLvVmvOHEWzq/PNzGFTqZGVLlEC2qoE+rcNUtdG8mkTH0pxaeTlL1i bgFevix82eEe3FonGempgGqlP3FIRv6J3dj37MiYp7AyJgzDNsOe7vEFT+ALFWZ3Agit 8TNA==
X-Gm-Message-State: AMke39k4/PGTOj2XN1Kl/2HP9AX09NdRyoHZCGaZ3Ttv5TuYGiRWW4ekNPnMrMbPzurHqlujHVHWr01aYtsJlg==
X-Received: by 10.200.46.208 with SMTP id i16mr12941392qta.13.1488403101872; Wed, 01 Mar 2017 13:18:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.19.112 with HTTP; Wed, 1 Mar 2017 13:18:21 -0800 (PST)
In-Reply-To: <D4DC7F7F.3122D%qdang@nist.gov>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com> <26137F3B-5655-44CA-877E-7168CE02DBF1@azet.org> <D4DC341D.311E1%qdang@nist.gov> <2572E3FC-0139-4946-A12D-9D9509C402F1@azet.org> <D4DC4473.311F2%qdang@nist.gov> <D4DC8CDB.8A84E%kenny.paterson@rhul.ac.uk> <D4DC48E2.31204%qdang@nist.gov> <CACsn0cmf1AN1roDpQykoVJgqC-rhvauVwSEvokG9wiCNkk==yw@mail.gmail.com> <D4DC7F7F.3122D%qdang@nist.gov>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 2 Mar 2017 08:18:21 +1100
Message-ID: <CABkgnnVyYGqacWfOWhnO6WRnPebNV=T9+gLnnyo-+hkCN=SvGg@mail.gmail.com>
To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/r9hS7nQ_ZDD7IQICxxMQcZwL1UA>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 21:18:24 -0000

On 2 March 2017 at 05:44, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> OK. What is the percentage ? Even all records were small, providing a
> correct number would be a good thing. If someone wants to rekey a lot often,
> I am not suggesting against that.

It will vary greatly depending on circumstance.  Most of the time the
record size matches the MTU.  Other times it matches the write size,
which can be only a small number of octets.  For bulk transfers it can
approach the record maximum.  All on the same connection sometimes.

I really don't know what you are suggesting here.  The point is the
accounting in terms of records doesn't really give you any insight
into the number of blocks.