[Crypto-panel] Re: Request for review: Usage Limits on AEAD Algorithms

Thomas Pornin <thomas.pornin@nccgroup.com> Wed, 31 July 2024 14:26 UTC

To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
CC: "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "draft-irtf-cfrg-aead-limits@ietf.org" <draft-irtf-cfrg-aead-limits@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/AKkf4W6n_JgDlvHlOdQphb932jQ>

Oops, looks like I had forgotten it. Sorry.

Here is my review. Overall, the document is a nice endeavour; since the focus is on IETF protocols, it might be worth giving a few more applied examples? The tables in the document give the number of 1500-byte messages (“a common Internet MTU”) which would conceptually apply to something like IPsec, though less so for e.g. SSH or TLS, which have larger “records”. I also have some misgivings on the advice in section 7 which amounts to, basically, ignoring in implementations the limits that the rest of the document takes pains to define; as a “security consideration”, it does not seem conducive to security.

Thomas

From: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
Date: Wednesday, June 12, 2024 at 12:07
To: Thomas Pornin <thomas.pornin@nccgroup.com>
Cc: cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>, crypto-panel@irtf.org <crypto-panel@irtf.org>, draft-irtf-cfrg-aead-limits@ietf.org <draft-irtf-cfrg-aead-limits@ietf.org>
Subject: Re: [Crypto-panel] Request for review: Usage Limits on AEAD Algorithms

Thank you so much, Thomas!

Regards,
Stanislav

On Wed, 12 Jun 2024 at 19:04, Thomas Pornin <thomas.pornin@nccgroup.com> wrote:
I can make a review (by mid-July, possibly much sooner).

Thomas

From: Stanislav V. Smyshlyaev <smyshsv@gmail.com>
Date: Tuesday, June 11, 2024 at 03:30
To: crypto-panel@irtf.org <crypto-panel@irtf.org>
Cc: cfrg-chairs@ietf.org <cfrg-chairs@ietf.org>, draft-irtf-cfrg-aead-limits@ietf.org <draft-irtf-cfrg-aead-limits@ietf.org>
Subject: [Crypto-panel] Request for review: Usage Limits on AEAD Algorithms

Dear Crypto Panel experts,

The chairs would like to ask the Crypto Panel to provide a review for the current version (-08) of the "Usage Limits on AEAD Algorithms" draft, draft-irtf-cfrg-aead-limits-08 (https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html)

Volunteers?

Stanislav (on behalf of the CFRG Chairs)