IETF Logo Mail Archive

[quicwg/base-drafts] Clarify header protection sampling (#4404)

Paul Mabileau <notifications@github.com> Sat, 21 November 2020 20:52 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E0E03A0D7E for <quic-issues@ietfa.amsl.com>; Sat, 21 Nov 2020 12:52:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.1
X-Spam-Level:
X-Spam-Status: No, score=-3.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzVJ9sBJZ_ge for <quic-issues@ietfa.amsl.com>; Sat, 21 Nov 2020 12:52:26 -0800 (PST)
Received: from smtp.github.com (out-18.smtp.github.com [192.30.252.201]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8A273A0D81 for <quic-issues@ietf.org>; Sat, 21 Nov 2020 12:52:25 -0800 (PST)
Received: from github.com (hubbernetes-node-eaeaa25.va3-iad.github.net [10.48.114.25]) by smtp.github.com (Postfix) with ESMTPA id 24242340081 for <quic-issues@ietf.org>; Sat, 21 Nov 2020 12:52:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1605991945; bh=1ODyfFJ1GhxwMu16uyRJctUoJmCCyaG4lZYJh37KPh8=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=BvF74iTB5MKMXRQCpK2UFp08+fGZhb0lP6md7Qdkfrk/XOC5tkaAfYw6U35KsoPRS 0J54LSPMVe11P+HcTYh1ssQaqrISXx5nFXhCI3vFOjs7WvgT913X6nMaLJ7pafsqUo XUJwFK0TyusUIfuviQlcC5TmxBujWHHA0E6EitUQ=
Date: Sat, 21 Nov 2020 12:52:25 -0800
From: Paul Mabileau <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6NF6EPB2PRZ7KIHS55YVPQTEVBNHHCZFY5AU@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/4404@github.com>
Subject: [quicwg/base-drafts] Clarify header protection sampling (#4404)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5fb97e092663d_660519b41402d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: PaulDance
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/OmQ_n5gddJGZW-hoOUMEHXFBbUU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Nov 2020 20:52:27 -0000

Hello gentlemen!

The header protection sampling (HPS) is quite simple, as it is just selecting 16 bytes out of the encrypted payload, but we think the current description is really confusing.

Indeed, section 5.4.2 explains the process with pseudocodes computing an offset relative to the beginning of an entire packet which payload is the encrypted one. However, when applying the AEAD function, one cannot do it in-place, so additional allocation must be reserved in any case. Therefore, one most probably has access to the encrypted payload separately from the unprotected packet, headers and payload.

Thus, this PR proposes two things, split in different commits:
 * Clearly and explicitly specify the two already-existing pseudocodes sample from an entire packet.
 * Add another pseudocode explaining how the sampling can be achieved for both short-header and long-header packets.

We have not changed or removed any existing content however, as we believe this draft could use some more explanations and clarifications here and there, rather than less with confusing elements, even if it means a bit of duplication.

Please tell us if there is any form of typo, wrong wording, grammatical issue or just general mistake, especially concerning the new pseudocode.

Hope this helps.
Cheers,
Paul.
You can view, comment on, or merge this pull request online at:

  https://github.com/quicwg/base-drafts/pull/4404

-- Commit Summary --

  * Add paragraph explaining `packet` in 5.4.2 HPS
  * Add pseudocode explaining HPS relative to ciphertext

-- File Changes --

    M draft-ietf-quic-tls.md (19)

-- Patch Links --

https://github.com/quicwg/base-drafts/pull/4404.patch
https://github.com/quicwg/base-drafts/pull/4404.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/4404

v2.23.0 | Report a Bug | By Email