Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Aaron Zauner <> Wed, 01 March 2017 14:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C70AF12955A for <>; Wed, 1 Mar 2017 06:24:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1Hl6_Y9SBkvH for <>; Wed, 1 Mar 2017 06:24:46 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c0c::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 537FB12940C for <>; Wed, 1 Mar 2017 06:24:44 -0800 (PST)
Received: by with SMTP id u108so31326209wrb.3 for <>; Wed, 01 Mar 2017 06:24:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=E+6wN7j5giQLnctTPVLqaSdM4DtM05NXOsMfxaOqxQE=; b=cRD12fUtjEaJyBUaUsKAl/tgbD6IDOnlI8tFe0RQt0pR4GFUI3MG1VzvvuVLiyxUFj cDrObwXra3icL8l4/Ja/ZlhbKVyOCkSU5y9O6WPAaNKw36TljIbfeuAzvWftPUsCjLGJ O8e2rqxIaGUMeD+KNWSNzFz++W78Isx28KjDk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=E+6wN7j5giQLnctTPVLqaSdM4DtM05NXOsMfxaOqxQE=; b=dXOYQwQ/Q/mf5Op8DzhC8p1u0vvGqw/ueYkra20JeJ7X1pWhh0yeVNrSWDeFkmoykH xtTMNj9U/4F14KuNR/lHO29asBi/PRgHrvGppcN3l1p9IFFJ4EqfGBx5OwIq+Yds+NL6 n1wk/EzU6JssJEO8BwtlEJzfJobp3MRYQGhRFBUEEQGk+oSdSDSq8zYU2GKv7XCWrwYN lWM6QEmoMMnoQlYOlV7IOqXvAwLy2uvH2dfU+v/2MGVDFavJWeVgj/jTPeAyF5kiqad+ uOMK9rEjMBhAfyfEfuom6RSQhsAZE0/Ieu/Mz/2Equ0OFj7MYEAvoe8mveBI/BMko/s9 pwdQ==
X-Gm-Message-State: AMke39nf0oUJBg9KEgChEVRN7dWKA8PvchvJpbnJupHlcgqF6oVRd8kMH7BR5b06FLGSSQ==
X-Received: by with SMTP id y4mr7417080wrd.77.1488378282826; Wed, 01 Mar 2017 06:24:42 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id p93sm6780589wrc.67.2017. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:24:42 -0800 (PST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_7A411B51-E70C-45CA-9662-6BFD89ADE5E9"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail
From: Aaron Zauner <>
In-Reply-To: <>
Date: Wed, 1 Mar 2017 14:24:37 +0000
Message-Id: <>
References: <> <> <> <>
To: "Dang, Quynh (Fed)" <>
X-Mailer: Apple Mail (2.3124)
Archived-At: <>
Cc: IRTF CFRG <>, "<>" <>, Sean Turner <>
Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 01 Mar 2017 14:24:47 -0000

> On 01 Mar 2017, at 13:18, Dang, Quynh (Fed) <> wrote:
> From: Aaron Zauner <>
> Date: Wednesday, March 1, 2017 at 8:11 AM
> To: 'Quynh' <>
> Cc: Sean Turner <>om>, "<>" <>rg>, IRTF CFRG <>
> Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
>>> On 25 Feb 2017, at 14:28, Dang, Quynh (Fed) <> wrote:
>>> Hi Sean, Joe, Eric and all,
>>> I would like to address my thoughts/suggestions on 2 issues in option a.
>>> 1) The data limit should be addressed in term of blocks, not records. When the record size is not the full size, some user might not know what to do. When the record size is 1 block, the limit of 2^24.5 blocks (records) is way too low unnecessarily for the margin of 2^-60.  In that case, 2^34.5 1-block records is the limit which still achieves the margin of 2^-60.
>> I respectfully disagree. TLS deals in records not in blocks, so in the end any semantic change here will just confuse implementors, which isn't a good idea in my opinion.
> Over the discussion of the PRs, the preference was blocks.

I don't see a clear preference. I see Brian Smith suggested switching to blocks to be more precise in a PR. But in general it seems to me that "Option A" was preferred in this thread anyhow - so these PRs aren't relevant? I'm not sure that text on key-usage limits in blocks in a spec that fundamentally deals in records is less confusing, quite the opposite (at least to me). As I pointed out earlier: I strongly recommend that any changes to the spec are as clear als possible to engineers (non-crypto/math people) -- e.g. why the spec is suddenly dealing in blocks instead of records et cetera. Again; I really don't see any reason to change text here - to me all suggested changes are even more confusing.