Re: aes128gcm: why verify padding?

Martin Thomson <martin.thomson@gmail.com> Mon, 16 January 2017 07:12 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 16 Jan 2017 20:09:26 +1300
Message-ID: <CABkgnnV_OatRWyZBE3Rak22gS1jrOZKjCGwOePpbqJCAeJFM4Q@mail.gmail.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Subject: Re: aes128gcm: why verify padding?
Archived-At: <http://www.w3.org/mid/CABkgnnV_OatRWyZBE3Rak22gS1jrOZKjCGwOePpbqJCAeJFM4Q@mail.gmail.com>

On 16 January 2017 at 14:06, Manger, James
<James.H.Manger@team.telstra.com> wrote:
> Improvement 2 is actually much better for this. The "internal" length (padding length) is calculated mod (external length - 2) so it can never be too large.

A better scheme would be to pad with an arbitrary number of zeroes,
then a terminal non-zero value.  That could be at the end, like in
TLS.  It also allows for lower overhead and arbitrary amounts of
padding.

But I'd like to hear whether other people think that this is worth fixing.
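
Added example, not part of the original message or of the draft: a sketch of the trailing form of the scheme described above, where a record is the data, then one non-zero octet, then any number of zeros. The `DELIMITER` value, the `PaddingError` type and the function names are assumptions made for illustration.

```python
# Added illustration of delimiter-terminated padding (data || non-zero || zeros).
# DELIMITER, PaddingError, pad and unpad are hypothetical names, not from the draft.
DELIMITER = 0x01  # any non-zero octet can act as the terminal marker


class PaddingError(ValueError):
    """Raised when a decrypted record contains no delimiter octet."""


def pad(data: bytes, record_len: int) -> bytes:
    """Return data || DELIMITER || zeros, exactly record_len octets long."""
    if record_len < len(data) + 1:
        raise ValueError("record too small for data plus one delimiter octet")
    return data + bytes([DELIMITER]) + bytes(record_len - len(data) - 1)


def unpad(record: bytes) -> bytes:
    """Strip the trailing zeros and the delimiter from a record.

    Call this only on plaintext whose AEAD tag has already verified.
    There is no length field to range-check: the last non-zero octet
    is the delimiter, and everything before it is data.
    """
    stripped = record.rstrip(b"\x00")
    if not stripped:
        # Empty or all-zero record: the only malformed case in this scheme.
        raise PaddingError("no delimiter found")
    return stripped[:-1]


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (b"hello", b"ends in zeros\x00\x00", b""):
        record = pad(sample, 32)
        assert unpad(record) == sample
        print(len(sample), "->", record.hex())
```

Data that itself ends in zero octets survives the round trip, because the delimiter always sits between the data and the padding.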