Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Martin Thomson <martin.thomson@gmail.com> Wed, 15 February 2017 17:33 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 16 Feb 2017 04:33:21 +1100
Message-ID: <CABkgnnU0FzaeRy3wXzerYL8EdzWJsSmo7Wh+ce3PmDtDYUfzww@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uqQVGY_EqcI9tjYwmxqexQ41dYA>
Cc: IRTF CFRG <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>

On 16 February 2017 at 04:30, Yoav Nir <ynir.ietf@gmail.com> wrote:
> And now I’ve lost you. A moment ago I thought you were concerned that people would fail to implement KeyUpdate. Are you now suggesting that it be removed entirely from TLS 1.3?


No.  My point was that if GCM requires more updates than you can
handle (because you are running well in excess of 1Tbps perhaps, I
don't know, my crystal ball isn't that good), then use ChaCha where
you don't need to update so often.  Obviously there is a tradeoff
there given the relative availability of hardware support, which you
likely need at those rates, but again the crystal ball is imperfect in
telling us how that story plays out.