Re: Forgery limits in QUIC

Dirkjan Ochtman <dirkjan@ochtman.nl> Fri, 01 May 2020 19:47 UTC

Return-Path: <dirkjan@ochtman.nl>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD293A1B8D for <quic@ietfa.amsl.com>; Fri, 1 May 2020 12:47:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vysG8ZfQeXqE for <quic@ietfa.amsl.com>; Fri, 1 May 2020 12:47:49 -0700 (PDT)
Received: from enrai.xavamedia.nl (enrai.xavamedia.nl [217.115.195.245]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F4AA3A1B84 for <quic@ietf.org>; Fri, 1 May 2020 12:47:21 -0700 (PDT)
Received: from mail-vs1-f54.google.com (mail-vs1-f54.google.com [209.85.217.54]) by enrai.xavamedia.nl (Postfix) with ESMTPSA id 21122900098 for <quic@ietf.org>; Fri, 1 May 2020 21:47:20 +0200 (CEST)
Received: by mail-vs1-f54.google.com with SMTP id s11so6989833vsq.13 for <quic@ietf.org>; Fri, 01 May 2020 12:47:20 -0700 (PDT)
X-Gm-Message-State: AGi0PuZWx/IGHsfGvOxvv1QcRtuoQG+2bB4de2AmfISGYJqW1HZKXQrQ tDm/A3ORdLYn76B9qtk9J3WqTl8mcoEN2U9qyC0=
X-Google-Smtp-Source: APiQypKdENlj3Tyrf9/Yu694dNP6CdgfrxNY3ATnoqZLT4cBYvBF8GWS2TL8A1OzgQ/OkcFXjjUmVsGLePwNUHoNLn4=
X-Received: by 2002:a67:1903:: with SMTP id 3mr4466917vsz.22.1588362438367; Fri, 01 May 2020 12:47:18 -0700 (PDT)
MIME-Version: 1.0
References: <c32379cb-43c1-4db8-9f0a-b7294085dd6d@www.fastmail.com> <d7f385d4-b6cb-4565-ba35-4c096239fd34@www.fastmail.com>
In-Reply-To: <d7f385d4-b6cb-4565-ba35-4c096239fd34@www.fastmail.com>
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Fri, 1 May 2020 21:47:07 +0200
X-Gmail-Original-Message-ID: <CAKmKYaBUfNQtxLEq+jmPiM7gUo0an5Fgf-JPJairx7vDOeFmQw@mail.gmail.com>
Message-ID: <CAKmKYaBUfNQtxLEq+jmPiM7gUo0an5Fgf-JPJairx7vDOeFmQw@mail.gmail.com>
Subject: Re: Forgery limits in QUIC
To: Martin Thomson <mt@lowentropy.net>
Cc: QUIC IETF mailing list <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e9e01f05a49b72c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Ylmdr2DYkS9-BqH3jgFo2APnIrE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 May 2020 19:47:53 -0000

On Fri, May 1, 2020 at 8:15 AM Martin Thomson <mt@lowentropy.net> wrote:

> I realize that this is a fairly dramatic change, but I think we need to
> hold our ciphers to a high standard.  I will attempt to find an analysis
> myself, as I would expect it to exist, but I have a poor history of success
> finding the right cryptographic paper.  If anyone is able to provide
> pointers, that would be appreciated.
>

FWIW, Quinn already doesn't support CCM, so this would be a no-op for us.
Might be interesting to poll if other implementations even support CCM
today?

Thanks for working on this,

Dirkjan