Re: [MLS] [Metadata encryption]

Benjamin Beurdouche <benjamin.beurdouche@inria.fr> Thu, 31 October 2019 17:14 UTC


> On Oct 31, 2019, at 4:43 PM, Pascal Junod <pascalj@snap.com> wrote:
> 
> It does help, thank you! Still, the SenderDataAAD window could stop with "new field", this would decrease the number of AAD hashed bytes by 12 and be somewhat consistent with the ContentAAD window that does not contain the content nonce, right?

Stylistically, maybe we could, but I liked having the explicit nonce under AEAD
just in case a malicious insider wants to play with it in some fancy ciphersuite.
It basically doesn’t cost much in terms of performance but might help us with
unforeseen corner cases … : )

B.