Re: [quicwg/base-drafts] Add retry integrity tag (#3120)

MikkelFJ <> Thu, 31 October 2019 08:52 UTC


XOR'ing with zero keys provides no confidentiality and just adds overhead. It is fine to use AES-GCM to tap into the GHASH logic by adding only authenticated additional data. But requiring a large static buffer of zero encrypted data is just overhead. For servers it harms expensive L1 cache and for embedded devices it would require encryption as usual.

As I said before, GHASH is not the ideal hash for broader use, but given what we have it makes sense for authenticated additional data.

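Added example, not part of the original message or of the QUIC drafts: AES-GCM used only for its tag, with the whole packet passed as additional authenticated data and an empty plaintext, which is the usage the message above calls fine. The key, nonce, packet bytes and the function names `retryTag` and `verifyRetry` are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values for illustration; not taken from the QUIC drafts.
var (
	sampleKey    = []byte("0123456789abcdef") // 16 bytes: AES-128
	sampleNonce  = []byte("retry-nonce1")     // 12 bytes: standard GCM nonce
	samplePacket = []byte("constructed retry packet bytes")
)

func newGCM(key, nonce []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != 12 { // Seal and Open panic on a wrong nonce length
		return nil, fmt.Errorf("nonce must be 12 bytes, got %d", len(nonce))
	}
	return cipher.NewGCM(block)
}

// retryTag passes pkt as additional data only; with an empty plaintext,
// Seal returns just the 16-byte tag and no ciphertext.
func retryTag(key, nonce, pkt []byte) ([]byte, error) {
	gcm, err := newGCM(key, nonce)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, nil, pkt), nil
}

// verifyRetry lets Open recompute the tag over pkt and compare it.
func verifyRetry(key, nonce, pkt, tag []byte) bool {
	gcm, err := newGCM(key, nonce)
	if err != nil {
		return false
	}
	_, err = gcm.Open(nil, nonce, tag, pkt)
	return err == nil
}

func main() {
	tag, _ := retryTag(sampleKey, sampleNonce, samplePacket)
	fmt.Printf("tag=%x ok=%v\n", tag, verifyRetry(sampleKey, sampleNonce, samplePacket, tag))
}
```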