Re: [quicwg/base-drafts] handshake and 0rtt data in a single packet (#630)

Martin Thomson <notifications@github.com> Thu, 09 November 2017 22:15 UTC


The analysis of TLS (some analysis, not all) relies on strict separation of proofs.  That means that the handshake is assessed independent of the record layer.  One condition of that proof is that the keys that the handshake produces are never used to protect the handshake.  Otherwise, the proofs get entangled as a result of needing to show that the record layer doesn't abuse the keys in ways that would compromise the record layer.

Actually, maybe this is OK in the sense that the AES-GCM isn't really encryption, or related to the handshake at all.

But the point remains, it's easier to add a length to the long header and pack multiple records in the same datagram (oops, those are DTLS terms, see DTLS for an example of how this works) than to do double encryption.

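The DTLS-style packing the message points to, as an added example that is not part of the original message or of any QUIC draft: a receiver walks one datagram using the per-record length field, so a handshake record and a record protected under a different epoch share the datagram without either being encrypted twice. The header layout is the DTLS 1.2 record header (RFC 6347); the sample datagram, its fragment contents and the function names are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

# DTLS 1.2 record header: type(1) version(2) epoch(2) sequence_number(6) length(2)
HEADER = struct.Struct("!BHHHIH")  # the 48-bit sequence number is split 16 + 32
HANDSHAKE, APPLICATION_DATA = 22, 23
DTLS_1_2 = 0xFEFD


class Record(NamedTuple):
    content_type: int
    epoch: int      # selects which keys protect this record
    seq: int
    fragment: bytes


class MalformedDatagram(ValueError):
    pass


def build_record(content_type: int, epoch: int, seq: int, fragment: bytes) -> bytes:
    return HEADER.pack(content_type, DTLS_1_2, epoch,
                       seq >> 32, seq & 0xFFFFFFFF, len(fragment)) + fragment


def split_records(datagram: bytes) -> List[Record]:
    """Split one UDP payload into records, rejecting lengths that overrun it."""
    records, off = [], 0
    while off < len(datagram):
        if len(datagram) - off < HEADER.size:
            raise MalformedDatagram(f"truncated header at offset {off}")
        ctype, _ver, epoch, hi, lo, length = HEADER.unpack_from(datagram, off)
        off += HEADER.size
        if length > len(datagram) - off:
            raise MalformedDatagram(f"length {length} overruns datagram")
        records.append(Record(ctype, epoch, (hi << 32) | lo,
                              datagram[off:off + length]))
        off += length
    return records


# Constructed sample: two records under different epochs in one datagram.
SAMPLE = (build_record(HANDSHAKE, 0, 0, b"constructed-handshake-bytes")
          + build_record(APPLICATION_DATA, 1, 0, b"constructed-protected-bytes"))

if __name__ == "__main__":
    for r in split_records(SAMPLE):
        print(r.content_type, r.epoch, r.seq, len(r.fragment))
```

Each record is handed to the key set its epoch names, and the length check is what keeps a forged length from reading past the end of the datagram.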