RE: Packet number encryption

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Fri, 09 February 2018 08:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/agHOt3yD261BxQS_ffOJbCrNyNs>

The lifetime is typically limited to about 2^32 bytes because AES-GCM says
so though

There is a limit in bytes per packet as well, but I actually meant to say
2^32 invocations, i.e. distinct packets and nonces based on NIST
requirements, FWTW. IETF TLS requires IVs (aka nonce) to be unique whereas
NIST allows for random IV but it must then use 96 bits and still not exceed
2^32 invocations.

Since IETF does not permit reuse, that random construct is out, and it
would also be using too much space.

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
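
An added illustration of the two nonce strategies contrasted in this message, not code from the message or from any QUIC implementation: it computes the collision bound for random 96-bit IVs at 2^32 invocations and shows a sender-side guard for counter-derived nonces. The XOR-with-counter construction is the TLS 1.3 style and is an assumption about which deterministic scheme is meant; `random_iv_collision_bound`, `counter_nonce`, `NonceGuard` and the sample IV are hypothetical names and constructed values.

```python
from fractions import Fraction

IV_BITS = 96                      # IV length NIST requires for random IVs
MAX_INVOCATIONS = 2**32           # invocation limit quoted in the message

def random_iv_collision_bound(invocations: int, iv_bits: int = IV_BITS) -> Fraction:
    """Union bound on two uniformly random IVs colliding under one key."""
    pairs = invocations * (invocations - 1) // 2
    return Fraction(pairs, 2**iv_bits)

def counter_nonce(static_iv: bytes, packet_number: int) -> bytes:
    """Left-pad the counter to the IV length and XOR it into a per-key IV."""
    if len(static_iv) * 8 != IV_BITS:
        raise ValueError("static IV must be 96 bits")
    if not 0 <= packet_number < 2**64:
        raise ValueError("packet number out of range")
    padded = packet_number.to_bytes(len(static_iv), "big")
    return bytes(a ^ b for a, b in zip(static_iv, padded))

class NonceGuard:
    """Sender-side guard for one key: no nonce reuse, bounded invocations."""

    def __init__(self, static_iv: bytes, max_invocations: int = MAX_INVOCATIONS):
        self._iv = static_iv
        self._max = max_invocations   # policy value, assumed per the message
        self._count = 0
        self._last = -1

    def next_nonce(self, packet_number: int) -> bytes:
        if packet_number <= self._last:
            raise ValueError("packet number not increasing: nonce could repeat")
        if self._count >= self._max:
            raise RuntimeError("invocation limit reached: rekey first")
        nonce = counter_nonce(self._iv, packet_number)
        self._last = packet_number
        self._count += 1
        return nonce

if __name__ == "__main__":
    bound = random_iv_collision_bound(MAX_INVOCATIONS)
    print("random 96-bit IV, 2^32 uses, collision bound < 2^-32:",
          bound < Fraction(1, 2**32))
    guard = NonceGuard(bytes.fromhex("000102030405060708090a0b"))  # constructed IV
    print([guard.next_nonce(pn).hex() for pn in (0, 1, 5)])
```

Because XOR with a fixed IV is a bijection, distinct packet numbers always give distinct nonces, whereas the random construction only keeps the collision probability under 2^-32 while invocations stay at or below 2^32.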