Re: [quicwg/base-drafts] Include epoch in the AAD or the nonce? (#3661)
ekr <notifications@github.com> Tue, 19 May 2020 01:17 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81CE13A0FB7 for <quic-issues@ietfa.amsl.com>; Mon, 18 May 2020 18:17:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.153
X-Spam-Level:
X-Spam-Status: No, score=-0.153 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_16=1.048, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9w-c_1tG7ykE for <quic-issues@ietfa.amsl.com>; Mon, 18 May 2020 18:17:11 -0700 (PDT)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E0E13A0FB6 for <quic-issues@ietf.org>; Mon, 18 May 2020 18:17:11 -0700 (PDT)
Received: from github-lowworker-3a0df0f.ac4-iad.github.net (github-lowworker-3a0df0f.ac4-iad.github.net [10.52.25.92]) by smtp.github.com (Postfix) with ESMTP id 70DEB960657 for <quic-issues@ietf.org>; Mon, 18 May 2020 18:17:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1589851030; bh=/ro5a/F8wNrogNtjN6jnlf+1kqtRvQcU5FMLvQOfEYw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=MfbyD5TLZnBXZ6q9PQirvOfn5Qip/ZSb/YHJ+YHcbM5guExGtpjjM9oPmkMSawA7Y xjLXfYzRylG4ciZG8De968nf/+g8+VjmmxjIBYOloLIZQ17UficFBozIKYYfGG0Kph C7hwXH5LJZU4lNH83x9WlxOj5HkxJdA/tp+Xi9Uk=
Date: Mon, 18 May 2020 18:17:10 -0700
From: ekr <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4ZMY5ISRZMGQC4R754Z4KJNEVBNHHCJ2QBFM@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3661/630518297@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3661@github.com>
References: <quicwg/base-drafts/issues/3661@github.com>
Subject: Re: [quicwg/base-drafts] Include epoch in the AAD or the nonce? (#3661)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ec33396628bf_5fad3fe3128cd9649444d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/eM9jLj9ldFjans9gJAxnneV6CMQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 01:17:13 -0000
I think where TLS is going to land is with no change, because the nonce includes the full epoch. I have the same intuitions as you, but as you say they aren't formal. With that said, as you observed in our call today, it seems like there is an easy fix: both AES_GCM and ChaCha20/Poly1305 take a 96-bit nonce which we are just left-padding with 0s. If we are willing to restrict to <2^32 key changes, we could encode the epoch in those 0s, right? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3661#issuecomment-630518297
- [quicwg/base-drafts] Include epoch in the AAD or … ekr
- Re: [quicwg/base-drafts] Include epoch in the AAD… ekr
- Re: [quicwg/base-drafts] Include epoch in the AAD… Kazuho Oku
- Re: [quicwg/base-drafts] Include epoch in the AAD… Martin Thomson
- Re: [quicwg/base-drafts] Include epoch in the AAD… ekr
- Re: [quicwg/base-drafts] Include epoch in the AAD… Martin Thomson
- Re: [quicwg/base-drafts] Include epoch in the AAD… Kazuho Oku
- Re: [quicwg/base-drafts] Include epoch in the AAD… Martin Thomson
- Re: [quicwg/base-drafts] Include epoch in the AAD… ianswett
- Re: [quicwg/base-drafts] Include epoch in the AAD… Felix Günther
- Re: [quicwg/base-drafts] Include epoch in the AAD… Lars Eggert
- Re: [quicwg/base-drafts] Include epoch in the AAD… ekr
- Re: [quicwg/base-drafts] Include epoch in the AAD… Lars Eggert
- Re: [quicwg/base-drafts] Include epoch in the AAD… David Schinazi
- Re: [quicwg/base-drafts] Include epoch in the AAD… Lucas Pardue
- Re: [quicwg/base-drafts] Include epoch in the AAD… Lucas Pardue
- Re: [quicwg/base-drafts] Include epoch in the AAD… Lucas Pardue