Re: [Cfrg] I-D Action: draft-irtf-cfrg-re-keying-02.txt
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Tue, 20 June 2017 12:42 UTC
Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80AF5129BCD for <cfrg@ietfa.amsl.com>; Tue, 20 Jun 2017 05:42:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PvPLlYmWoRuj for <cfrg@ietfa.amsl.com>; Tue, 20 Jun 2017 05:41:59 -0700 (PDT)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8C1A129BCF for <cfrg@ietf.org>; Tue, 20 Jun 2017 05:41:58 -0700 (PDT)
Received: by mail-qt0-x229.google.com with SMTP id u12so132376374qth.0 for <cfrg@ietf.org>; Tue, 20 Jun 2017 05:41:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1gWmSl1PVoWMlHYgkttsAk+r/govcW/8E17ts4dDGKY=; b=MvTTirqRx4vjmfs9w2/V/GiApNnkrgsAslcKlb9FOvPbzAGZ6E16WkH2DiGEBQ0Sy3 2QUlDoogQxZ+Su8TrEoeKLi1lf0MdQ2w7LxuLtMX6EuVbnoOFxz+BSWlFP0uVMPm011s ES9UPnTfZxh7VJYtsG5wv6Mdpop3lWMNe7g9AaSgFSFbRh+CrddkArY1VL3Gg5UtUz9a 0WuMgIh831aGRSukWgV3Gkeo8ci6B343q0vWTNIp11P72hJbZuxKlUavAtKzvKX5ZEGn 8+W2VS0YGy4nHHw++iaitZ+b28OchKvkSzm0jq3jGr6RkuTLBHP+g3hbqTJroC4XfPXz ECBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1gWmSl1PVoWMlHYgkttsAk+r/govcW/8E17ts4dDGKY=; b=By+VMA6ykVjWTDTchy476VjTK7m++ZP0Ep1g4JRKH6V/61yRHnufok6sccjfeg0VOb 9F3y4Y2+W9SIexcx3bn1kRh4hdY8Kqv5OqCNH8sgW3kMB4ISi6iDpV9kT0ivwak3bTiV 0Ga3o2pPempal1kVg1k2GNeEXZvm9kcJ/8tYnndMXrpT4TLVCoUIW6Y9qEU9znCF74/E 9mOv66t4mNzy8V7O8EDndrKyVqEgc54hAQjLGLMmQkM0fXfIaPGjb7rXMlV2jB/GcxBQ 0D/PPO40tRw7puvzwUGwRiBfjfw8Ywzb83tFuCwlsG6KtxbQrM/l8R0A+hU3ARNnE0// dd1Q==
X-Gm-Message-State: AKS2vOzoNnw1h89H2tLNyjsy0QGnn0BQExcy94g9O5iOfFXOsIQNzU19 RhniG6wJ0ELZWLvJDN/LAREiEpOg4e0i
X-Received: by 10.200.9.47 with SMTP id t44mr2786836qth.107.1497962517977; Tue, 20 Jun 2017 05:41:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.148.77 with HTTP; Tue, 20 Jun 2017 05:41:57 -0700 (PDT)
In-Reply-To: <89AFF43D-EFE7-4D7F-8ECE-877A4BEBD546@vigilsec.com>
References: <149667340139.3152.10556340180920549215@ietfa.amsl.com> <89AFF43D-EFE7-4D7F-8ECE-877A4BEBD546@vigilsec.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Tue, 20 Jun 2017 15:41:57 +0300
Message-ID: <CAMr0u6khW2e19bYFdH0-J3SrrCOpdBTa1LWGiDJHQa04EaNF+w@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: cfrg@ietf.org
Content-Type: multipart/alternative; boundary="001a1144be4ac55eb805526393eb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vKSrknHD-drLxX8IV1C_Z-N61vM>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-re-keying-02.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2017 12:42:01 -0000
Dear colleagues, We've posted an updated version of the draft (see https://tools.ietf.org/html/draft-irtf-cfrg-re-keying-03), in which we've tried to address received concerns (thanks again for all of them, by the way!). Almost all the comments were fully taken into account, with the following comments: 1. > Section 1, Last paragraph: Please separate the ideas here. First, TLS 1.3 is an example of a protocol with external re-key. Second, there is a discussion of the benefits of re-key. The first belongs elsewhere. We completely agree with this comment, but instead of separating these ideas, we deleted the first sentence, since the reference to TLS 1.3 is provided below. 2. > Section 4, first item number 3 says: . . . provides forward and backward security of session keys . . . This is only true if the previous traffic keys are securely deleted by all parties that have the keys. We added this clarification to Security Considerations section. 3. > Wouldn’t it be cleaner to say: L = min(L1, L2), q = min(q1, q2), q*m <= L We added this explanation, but we did not remove the old text, because it looks important to show that (as L1 is usually much less than L2) the key lifetime can be greatly increased, because re-keying lets us to forget about the "side-channel limitation" L1. Best regards, Stanislav 2017-06-09 0:39 GMT+03:00 Russ Housley <housley@vigilsec.com>: > I have a few comments on the most recent version of this document. > > Section 1: Please describe parallel and serial re-keying mechanisms in the > introduction. > > Section 1: I think we need to say more about internal re-key when it is > first introduced. I suggest: > > This specification presents two approaches that extend the key > lifetime for a single symmetric key while avoiding renegotiation: > external and internal re-keying. External re-keying is performed by a > protocol, and it is independent of block cipher, key size, and mode. > Internal re-keying is built into the mode, and it depends heavily on > the properties of the block cipher and key size. > > Section 1, Last paragraph: Please separate the ideas here. First, TLS 1.3 > is an example of a protocol with external re-key. Second, there is a > discussion of the benefits of re-key. The first belongs elsewhere. > > Section 4 says: > > . . . External re- > keying approach is recommended for usage in protocols that process > quite small messages. . . . > > It is obvious that the message size can exceed L. That said, external > re-keying is also very useful when there are lots of messages or the > protocol has a way to break a very large message into manageable chunks. > Obviously, TCP breaks a very large stream into many manageable chunks. > > Section 4, first item number 3 says: > > . . . provides forward and backward security of session keys . . . > > This is only true if the previous traffic keys are securely deleted by all > parties that have the keys. > > Section 5, bottom of page 8: Wouldn’t it be cleaner to say: > > L = min(L1, L2) > q = min(q1, q2) > q*m <= L > > > > Nits: > > Please use figure numbers and captions on the illustrations. > > Section 1: s/С/C/ > > Section 4: s/Homever/However/ > > Section 4: s/it almost does not affect performance/minimal impact on > performance/ > > Section 4: s/sessin keys/session keys/ > > Section 4: s/always have an access/always has access/ > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] I-D Action: draft-irtf-cfrg-re-keying-02.t… internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-re-keying-… Russ Housley
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-re-keying-… Stanislav V. Smyshlyaev