Re: [quicwg/base-drafts] Forgery limits on packet protection (#3619)
Martin Thomson <notifications@github.com> Wed, 06 May 2020 07:21 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F3373A0064 for <quic-issues@ietfa.amsl.com>; Wed, 6 May 2020 00:21:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.555
X-Spam-Level:
X-Spam-Status: No, score=-6.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZB2zBGm86qXA for <quic-issues@ietfa.amsl.com>; Wed, 6 May 2020 00:21:15 -0700 (PDT)
Received: from out-21.smtp.github.com (out-21.smtp.github.com [192.30.252.204]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F23E3A00AD for <quic-issues@ietf.org>; Wed, 6 May 2020 00:21:15 -0700 (PDT)
Received: from github-lowworker-cd7bc13.ac4-iad.github.net (github-lowworker-cd7bc13.ac4-iad.github.net [10.52.25.102]) by smtp.github.com (Postfix) with ESMTP id 63840A0D07 for <quic-issues@ietf.org>; Wed, 6 May 2020 00:21:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1588749674; bh=DQKhYXX72iQ2E+Y8iGS2ppP9w265lG9RhcrxOl5uTyg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=YLBgmu6JfeOBDf02bgqgg3QMBNvd/xgUDPY8haT0gAByq2zoA+Kr90ZNchbI/iC4O 7hs6jkrGjxFruWJHnuKTRitCDaACvG6tOlJxIBzwMVkrZ5VH/MnuKi3Zyjukhexsm0 k5aNiKfdgi0yIvxgaVwQbUQeGcK/iZvEiqoVEWtg=
Date: Wed, 06 May 2020 00:21:14 -0700
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4YNZKOZ7XL6XKOPHF4XZDGVEVBNHHCIZC2Y4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3619/624484456@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3619@github.com>
References: <quicwg/base-drafts/issues/3619@github.com>
Subject: Re: [quicwg/base-drafts] Forgery limits on packet protection (#3619)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5eb2656a53ddc_40c33fe0fb6cd95c118122f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/4CXUfgsIkFgRD1uKLjU_Uvpw31s>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2020 07:21:17 -0000
I realize that I didn't respond to @anrossi. That advice applies to the limits that TLS specifies already; this issue is primarily about responding to forgeries. That said, 1G is pretty good advice. However what we've seen from this analysis that 1G results in a lower safety margin than TLS aims for. But it's close enough that if the AEAD is as good as the set we have here, you are probably OK. However, this does depend a lot on the specific AEAD. I'd be uncomfortable using so simple a guide in the general case. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3619#issuecomment-624484456
- [quicwg/base-drafts] Forgery limits on packet pro… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Nick Banks
- Re: [quicwg/base-drafts] Forgery limits on packet… martinduke
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Anthony Rossi
- Re: [quicwg/base-drafts] Forgery limits on packet… martinduke
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Antoine Delignat-Lavaud
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson