Re: [quicwg/base-drafts] Forgery limits on packet protection (#3619)
Martin Thomson <notifications@github.com> Wed, 06 May 2020 07:08 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8652C3A0798 for <quic-issues@ietfa.amsl.com>; Wed, 6 May 2020 00:08:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.48
X-Spam-Level:
X-Spam-Status: No, score=-6.48 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VqV3YWTHs05u for <quic-issues@ietfa.amsl.com>; Wed, 6 May 2020 00:08:41 -0700 (PDT)
Received: from out-22.smtp.github.com (out-22.smtp.github.com [192.30.252.205]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 264B63A00C1 for <quic-issues@ietf.org>; Wed, 6 May 2020 00:08:41 -0700 (PDT)
Received: from github-lowworker-25680bd.va3-iad.github.net (github-lowworker-25680bd.va3-iad.github.net [10.48.17.61]) by smtp.github.com (Postfix) with ESMTP id 21A0DA043B for <quic-issues@ietf.org>; Wed, 6 May 2020 00:08:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1588748920; bh=gi7R7nu/2cYumUXXH5CMZdF+XHyN9NPRmZrMPAOkS+c=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=hub/o6JTMMBlTxLmTAAAJG+7Okcs9cEE1yQn//NHupwlNdTOnkutfKzYmMfWlFuJL QNhOLPsIbmEpqOq3iuoD3EmaPA0+oIvuoyi0eJ1LkmcKRAzKHFARKE6f1btu42h4zm VBAoN+LM5nl08uSLAUC/b3MmCRbCFXH858T4hvEw=
Date: Wed, 06 May 2020 00:08:40 -0700
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZPFXWLRDSH3OJM4SF4XZBXREVBNHHCIZC2Y4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3619/624479890@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3619@github.com>
References: <quicwg/base-drafts/issues/3619@github.com>
Subject: Re: [quicwg/base-drafts] Forgery limits on packet protection (#3619)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5eb2627812638_56553ff22accd95c7511a8"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/a9cr2W7_jTbsYY-qXnXOMHfigCM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2020 07:08:43 -0000
Thanks for checking this @fxguenther. I was a little concerned about the PRP/PRF split, so I'm glad to have you correct me. I ultimately went with per-AEAD recommendations, and a lower limit for CCM. That's mainly to establish some sort of uniformity around 2^-60 and 2^-57. Even if those are basically arbitrary choices, at least I think they are defensible and using them uniformly establishes the right expectations about what the standard is. I'm comfortable with specifying different limits for each AEAD in specifications. In practice, however, I expect that a far lower tolerance for forgery attempts. Assuming that these numbers work out, a review of the pull request would be greatly appreciated. If there are other relevant papers, I'm always happy to pull those in as well. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3619#issuecomment-624479890
- [quicwg/base-drafts] Forgery limits on packet pro… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Nick Banks
- Re: [quicwg/base-drafts] Forgery limits on packet… martinduke
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Anthony Rossi
- Re: [quicwg/base-drafts] Forgery limits on packet… martinduke
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Antoine Delignat-Lavaud
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson
- Re: [quicwg/base-drafts] Forgery limits on packet… Felix Günther
- Re: [quicwg/base-drafts] Forgery limits on packet… Martin Thomson