Re: [Cfrg] Call for adoption for draft-wood-cfrg-aead-limits

Hal Murray <hmurray@megapathdsl.net> Thu, 30 July 2020 10:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/y12kMtrpbwTHscG-CQ6IZATBlA0>

dharkins@lounge.org said:
> I know this draft is motivated by the use of AEAD algorithms with QUIC and
> TLS where the AAD will be a fraction of the ciphertext, but it should address
> other uses of AEAD algorithms that may do things differently.

Another use case...

NTP (Network Time Protocol) uses UDP which is easy to forge.  It's getting a 
layer of authentication which uses AEAD.

The basic NTP packet is 48 bytes.  NTS bumps that up to roughly 200.  The 
client-to-server has no encryption.  The server-to-client encrypts roughly 100 
bytes.

That 100 bytes is a cookie which also uses AEAD.  The cookie contains a 
client-to-server and a server-to-client key for the above AEAD so the server 
doesn't have to maintain any per-client state.  The cookie key is maintained 
by the server.

The RFC has been approved but is still in the editor's queue.  Last draft here:
  https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-28



-- 
These are my opinions.  I hate spam.
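
The stateless cookie described in the message above, as an added example that is not part of the original e-mail or of any NTS implementation: the server seals the client's two keys under a key only it holds, and recovers them from the cookie the client sends back. AES-GCM from the Go standard library stands in for the cookie AEAD; the 32-byte key length, the cookie layout and all function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const keyLen = 32 // assumed length of each per-client key (C2S and S2C)
// NewCookieAEAD keys the cookie cipher; AES-GCM is a stdlib stand-in (assumption).
func NewCookieAEAD(serverKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(serverKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeCookie seals both client keys; constructed layout: nonce || ciphertext+tag.
func MakeCookie(a cipher.AEAD, c2s, s2c []byte) ([]byte, error) {
	if len(c2s) != keyLen || len(s2c) != keyLen {
		return nil, errors.New("bad key length")
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, append(append([]byte{}, c2s...), s2c...), nil), nil
}

// OpenCookie recovers the keys with no per-client table; altered cookies fail.
func OpenCookie(a cipher.AEAD, cookie []byte) ([]byte, []byte, error) {
	n := a.NonceSize()
	if len(cookie) < n {
		return nil, nil, errors.New("cookie too short")
	}
	plain, err := a.Open(nil, cookie[:n], cookie[n:], nil)
	if err != nil || len(plain) != 2*keyLen {
		return nil, nil, errors.New("cookie rejected")
	}
	return plain[:keyLen], plain[keyLen:], nil
}

func main() {
	a, _ := NewCookieAEAD(make([]byte, 32)) // constructed all-zero demo key
	cookie, _ := MakeCookie(a, make([]byte, keyLen), make([]byte, keyLen))
	fmt.Println(OpenCookie(a, cookie))
}
```

Every cookie issued is one more AEAD encryption under the single server-held cookie key, so that key's usage accumulates across all clients.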