Re: Eric Rescorla's Discuss on draft-ietf-httpbis-encryption-encoding-08: (with DISCUSS and COMMENT)
"Manger, James" <James.H.Manger@team.telstra.com> Thu, 13 April 2017 05:36 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02BEC127011 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Apr 2017 22:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=teamtelstra.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUmzJo8jyqTA for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 12 Apr 2017 22:36:31 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E82D12009C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 12 Apr 2017 22:36:31 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cyXMp-0001LN-3d for ietf-http-wg-dist@listhub.w3.org; Thu, 13 Apr 2017 05:32:27 +0000
Resent-Date: Thu, 13 Apr 2017 05:32:27 +0000
Resent-Message-Id: <E1cyXMp-0001LN-3d@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <James.H.Manger@team.telstra.com>) id 1cyXMi-0001K9-B3 for ietf-http-wg@listhub.w3.org; Thu, 13 Apr 2017 05:32:20 +0000
Received: from ipxbvo.tcif.telstra.com.au ([203.35.135.204]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <James.H.Manger@team.telstra.com>) id 1cyXMa-0006I9-A9 for ietf-http-wg@w3.org; Thu, 13 Apr 2017 05:32:15 +0000
X-IronPort-AV: E=Sophos;i="5.37,193,1488805200"; d="scan'208,217";a="151185739"
Received: from unknown (HELO ipcbvi.tcif.telstra.com.au) ([10.97.217.204]) by ipobvi.tcif.telstra.com.au with ESMTP; 13 Apr 2017 15:31:38 +1000
X-IronPort-AV: E=McAfee;i="5800,7501,8496"; a="466786866"
Received: from wsmsg3755.srv.dir.telstra.com ([172.49.40.196]) by ipcbvi.tcif.telstra.com.au with ESMTP; 13 Apr 2017 15:31:38 +1000
Received: from wsapp5584.srv.dir.telstra.com (10.75.131.20) by wsmsg3755.srv.dir.telstra.com (172.49.40.196) with Microsoft SMTP Server (TLS) id 8.3.485.1; Thu, 13 Apr 2017 15:31:39 +1000
Received: from wsapp5584.srv.dir.telstra.com (10.75.131.20) by wsapp5584.srv.dir.telstra.com (10.75.131.20) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Thu, 13 Apr 2017 15:31:37 +1000
Received: from AUS01-ME1-obe.outbound.protection.outlook.com (10.172.101.125) by wsapp5584.srv.dir.telstra.com (10.75.131.20) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Thu, 13 Apr 2017 15:31:37 +1000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=teamtelstra.onmicrosoft.com; s=selector1-team-telstra-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=v1576dNzD8BT8dUVgVi4YG0Z2A2yIO7VykECuNJpRFU=; b=VOFJnLl1/YLI3FPs1+/rmgEkvKhZ5k/pQPlcg3+RWm9HHFKyHbDrn0ot0oxiaJ/CzqTtg88wVNZODonQnV+RoFYpiqLFT2AZeoxDmS+7DCfLqTAwR/8+mdbhcUvPNeux1k/zLBFyQJgtePAhsNmgHmNMkqrFGoMm/I2aCEg6mi8=
Received: from MEXPR01MB1607.ausprd01.prod.outlook.com (10.175.214.10) by MEXPR01MB1605.ausprd01.prod.outlook.com (10.175.214.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Thu, 13 Apr 2017 05:31:37 +0000
Received: from MEXPR01MB1607.ausprd01.prod.outlook.com ([10.175.214.10]) by MEXPR01MB1607.ausprd01.prod.outlook.com ([10.175.214.10]) with mapi id 15.01.1034.011; Thu, 13 Apr 2017 05:31:37 +0000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Thread-Topic: Re: Eric Rescorla's Discuss on draft-ietf-httpbis-encryption-encoding-08: (with DISCUSS and COMMENT)
Thread-Index: AdK0FSjAF9EOE05GQgOLpbnJ+JAbNg==
Date: Thu, 13 Apr 2017 05:31:37 +0000
Message-ID: <MEXPR01MB160767A203EFDBAA13F6B9A3E5020@MEXPR01MB1607.ausprd01.prod.outlook.com>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: w3.org; dkim=none (message not signed) header.d=none;w3.org; dmarc=none action=none header.from=team.telstra.com;
x-originating-ip: [203.35.185.244]
x-microsoft-exchange-diagnostics: 1; MEXPR01MB1605; 7:qRzguNFnhqORfvB0cbmTzUnWLqOVsH2BrWHD2GL9WsTPyj/rV7YLHbJGeDmnIrXXlKpZz3G56iNSZXoYzBj/yBhcDrD6MRFHZhPGp8PytcNTYFQGFvCyrgjJBHPlyNQRhrhKeGrKhfCHTxowmVvYRby95O6RQ8+YJdVMaIcRgG4H4aNfeuajBDJ5LmWq6AH8n08C0FbraIoF4Jq7JDX/PTS9uQ1iXNkxVJNrybETkjV19tv6DD2D68Dan/aJG8t67Qrb10RrSgxzVrft54yY4vaY60ZGPBaUnuz5mrt9v5M3jw01QD4a0Mk/2a1XOlhw+RB9YckkgolZt8Gn55PwXA==; 20:WI3jO6xX+ax6TKRlhFCOgs5SlVCyFdd8/Y69BkHA6oYNYskZes/6JFzitJ0aaqfrLdTSJTpZCJt8TYKWV77neOkzfEwKRzdk8rgp6/gmsvZ97koyfgt+bCcOukVTe3PhkdCg9+caBENnsgL35Kl6bn6KoWdCpCKtacNM2+/DRkUssUB61RRFzkg8bqtnbCgbZc8LM3suKavC2mNqJEhVqh+/go4w3M4cTXrKa+ZBrG1odaJgCI3JfAZHq491CJl8M6/lLks4mP4jWp57d5yi+2n4JUugXXVnkOtvKG92RgvvgVDGzHuEbvbpaTuWlpCqJ6v8geoQ1Sz0PUfizzrhXXbXZz2n1Wxk1h3w0o9XoKBoZOhtHLgJHdNBrONhMoahCG+DHRmsLhvUAC5ObkywxD+ebnzBGtaLTAxRWKGrxZc=
x-ms-office365-filtering-correlation-id: 3d7a71c1-941a-4f33-2733-08d4822e5aed
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MEXPR01MB1605;
x-microsoft-antispam-prvs: <MEXPR01MB1605FF3D23382635B60A23EBE5020@MEXPR01MB1605.ausprd01.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:MEXPR01MB1605; BCL:0; PCL:0; RULEID:; SRVR:MEXPR01MB1605;
x-forefront-prvs: 02760F0D1C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39850400002)(39410400002)(39840400002)(39400400002)(39860400002)(39450400003)(3660700001)(122556002)(6506006)(2906002)(54896002)(99286003)(3280700002)(5660300001)(6246003)(6306002)(8676002)(77096006)(5640700003)(74316002)(110136004)(53936002)(81166006)(38730400002)(3846002)(6116002)(790700001)(102836003)(42882006)(7736002)(86362001)(6916009)(229853002)(8936002)(2501003)(55016002)(2351001)(5630700001)(2900100001)(9686003)(33656002)(6436002)(230783001)(50986999)(189998001)(66066001)(54356999)(25786009)(7696004); DIR:OUT; SFP:1102; SCL:1; SRVR:MEXPR01MB1605; H:MEXPR01MB1607.ausprd01.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MEXPR01MB160767A203EFDBAA13F6B9A3E5020MEXPR01MB1607ausp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2017 05:31:37.1080 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 49dfc6a3-5fb7-49f4-adea-c54e725bb854
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEXPR01MB1605
X-OriginatorOrg: team.telstra.com
Received-SPF: none client-ip=203.35.135.204; envelope-from=James.H.Manger@team.telstra.com; helo=ipxbvo.tcif.telstra.com.au
X-W3C-Hub-Spam-Status: No, score=-2.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, W3C_NW=0.5
X-W3C-Scan-Sig: titan.w3.org 1cyXMa-0006I9-A9 e410a948e6774024bd37c35fe879d26c
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Eric Rescorla's Discuss on draft-ietf-httpbis-encryption-encoding-08: (with DISCUSS and COMMENT)
Archived-At: <http://www.w3.org/mid/MEXPR01MB160767A203EFDBAA13F6B9A3E5020@MEXPR01MB1607.ausprd01.prod.outlook.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33811
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Eric said: ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The "aes128gcm" content coding uses a fixed record size. The final encoding consists of a header (see Section 2.1) and zero or more fixed size encrypted records; the final record can be smaller than the record size. This restriction seems to be an artifact of your previous design which used short records as an end marker. With the new padding delimeter structure (which I note is isomorphic to the TLS 1.3 structure), I'm not seeing any reason to require that the records be fixed length (as they are not in TLS). I didn't see any discussion of this point in the thread where this structure was designed, so I'd like to get confirmation that the WG considered this point and decided to continue with the above restriction. I'll clear this discuss upon either such confirmation or removal of the restriction. ---------------------------------------------------------------------- The fixed record size is also necessary to be able to split the body into records. Records are simply concatenated together. There are no other boundary markers or per-record size fields. The fixed size allows you to read the header then skip, say, 1 MB into the content and still determine where the next record is so you can recover authentic plaintext from that point (though due to unknown padding in earlier records you might not know the actual offset for this plaintext). -- James Manger
- Eric Rescorla's Discuss on draft-ietf-httpbis-enc… Eric Rescorla
- Re: Eric Rescorla's Discuss on draft-ietf-httpbis… Eric Rescorla
- Re: Eric Rescorla's Discuss on draft-ietf-httpbis… Manger, James