Packet Number Encryption outside of AEAD

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Thu, 26 July 2018 06:21 UTC

To: IETF QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/UHbY1j9CZsdo_krV6n0p4LdF_ek>

I created the following issue a while ago but got no response, so perhaps it
should have been discussed on this list:

https://github.com/quicwg/base-drafts/issues/1578

The issue covers the point, but in summary:

If the packet format is kept as it is today, but the packet number is not
included in the authenticated data when computing the AEAD tag, then the
decoder need not modify the received packet buffer when decoding the packet
number. This can lead to more efficient hardware implementations and make
multi-processor buffer sharing more effective.

Mikkel
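
The receive path described in the message, as an added example that is not part of the original post or of any QUIC implementation: it compares rebuilding the AAD with the clear packet number against taking the AAD as a slice of the untouched receive buffer. The packet layout, the function names and the HMAC-based stand-in for the AEAD and for packet number protection are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed layout (assumption): flags(1) | dcid(8) | enc_pn(4) | ciphertext | tag(16)
HDR_LEN, PN_LEN, TAG_LEN = 9, 4, 16

def _prf(key, *parts):
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:                      # update() reads from read-only views directly
        h.update(p)
    return h.digest()

def _xor(data, key, nonce):
    # Toy keystream from HMAC-SHA256, a stand-in for the real AEAD cipher.
    ks = b"".join(_prf(key, b"ks", nonce, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, nonce, aad, ct):
    return _prf(key, b"tag", nonce, len(aad).to_bytes(2, "big"), aad, ct)[:TAG_LEN]

def _pn_mask(pn_key, sealed):
    # Toy packet number protection: separate key, seeded by a ciphertext sample.
    return _prf(pn_key, b"pn", sealed[:16])[:PN_LEN]

def protect(key, pn_key, hdr, pn, payload, pn_in_aad):
    pn_bytes = pn.to_bytes(PN_LEN, "big")
    aad = hdr + pn_bytes if pn_in_aad else hdr
    ct = _xor(payload, key, pn_bytes)    # the packet number feeds the nonce in both modes
    sealed = ct + _tag(key, pn_bytes, aad, ct)
    enc_pn = bytes(a ^ b for a, b in zip(pn_bytes, _pn_mask(pn_key, sealed)))
    return hdr + enc_pn + sealed

def unprotect(key, pn_key, packet, pn_in_aad):
    buf = memoryview(packet).toreadonly()            # shared receive buffer, never written
    hdr, enc_pn = buf[:HDR_LEN], buf[HDR_LEN:HDR_LEN + PN_LEN]
    sealed = buf[HDR_LEN + PN_LEN:]
    pn_bytes = bytes(a ^ b for a, b in zip(enc_pn, _pn_mask(pn_key, sealed)))  # 4-byte local
    if pn_in_aad:
        aad = bytes(hdr) + pn_bytes      # header rebuilt with the clear PN (copy or in-place write)
        copied = len(aad)
    else:
        aad = hdr                        # AAD is a slice of the unmodified buffer
        copied = 0
    ct, tag = sealed[:-TAG_LEN], bytes(sealed[-TAG_LEN:])
    if not hmac.compare_digest(tag, _tag(key, pn_bytes, aad, ct)):
        raise ValueError("authentication failed")
    # copied = header bytes duplicated only to form the AAD
    return int.from_bytes(pn_bytes, "big"), _xor(ct, key, pn_bytes), copied
```

In this stand-in, flipping a bit of the protected packet number still fails authentication in both modes, because the decoded packet number is an input to the nonce.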