Re: [quicwg/base-drafts] Use the same KDF regardless of TLS version (#2034)

MikkelFJ <notifications@github.com> Wed, 21 November 2018 20:48 UTC

Message-ID: <quicwg/base-drafts/pull/2034/c440803911@github.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Fngsdat3euCoDde9jrB_6P6iGLg>

HKDF is generally designed to strengthen weak input data. With a strong session key, AES-CTR could be used instead of an HMAC-based HKDF to derive traffic keys. To separate QUIC versions, the session key could be version salted.

Maybe HMAC is better at protecting against weak session keys due to bad PRNGs or side-channels, but I doubt it.

If a general solution is sought, some consideration ought to be directed towards versions that do not use TLS crypto. For example a version that uses a much smaller/faster crypto subset.

https://github.com/quicwg/base-drafts/pull/2034#issuecomment-440803911
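The version salting the comment sketches, shown as an added example (this is not code from the commenter, the QUIC drafts or any QUIC implementation): HKDF-Extract keyed by a per-version salt turns one session secret into unrelated per-version secrets, and HKDF-Expand-Label then produces the traffic key. The hash (SHA-256), the label "quic key", and the two version salts and the session secret are all constructed assumptions for illustration, not values from any specification.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 s2.2): PRK = HMAC-Hash(salt, IKM).
    This is the step that concentrates whatever entropy the input has."""
    if not salt:
        salt = bytes(HASH().digest_size)  # RFC 5869: empty salt means HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 s2.3): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    hash_len = HASH().digest_size
    if length > 255 * hash_len:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 s7.1): info is the HkdfLabel structure
    length(2) | "tls13 " + label (length-prefixed) | context (length-prefixed)."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (
        length.to_bytes(2, "big")
        + bytes([len(full_label)]) + full_label
        + bytes([len(context)]) + context
    )
    return hkdf_expand(secret, hkdf_label, length)


def derive_traffic_key(version_salt: bytes, session_secret: bytes) -> bytes:
    """Version-salt the session secret, then expand it into a 16-byte AES-128 key.
    Only the salt changes between versions, so keys of one version reveal nothing
    about keys of another even when the session secret is shared."""
    versioned_secret = hkdf_extract(version_salt, session_secret)
    return hkdf_expand_label(versioned_secret, "quic key", b"", 16)


# Constructed sample values (hypothetical; not real QUIC salts or a real session secret).
SALT_VERSION_A = bytes(range(0, 20))
SALT_VERSION_B = bytes(range(20, 40))
SESSION_SECRET = bytes(range(32))


def keys_for_both_versions() -> tuple[bytes, bytes]:
    """Derive the traffic key under each constructed version salt."""
    return (
        derive_traffic_key(SALT_VERSION_A, SESSION_SECRET),
        derive_traffic_key(SALT_VERSION_B, SESSION_SECRET),
    )


if __name__ == "__main__":
    key_a, key_b = keys_for_both_versions()
    print("version A key:", key_a.hex())
    print("version B key:", key_b.hex())
    print("distinct:", key_a != key_b)
```

The salt is the domain-separation input: a deployment that reuses a session secret across versions but never reuses a salt gets independent keys for free, and the HKDF-Extract stage is exactly the "strengthening" step the comment says a strong session key would not strictly need.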