Re: [Sframe] Paul Wouters' Discuss on draft-ietf-sframe-enc-07: (with DISCUSS)
Richard Barnes <rlb@ipv.sx> Thu, 04 April 2024 13:25 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5151C1516E2 for <sframe@ietfa.amsl.com>; Thu, 4 Apr 2024 06:25:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dd48KFGYUNJn for <sframe@ietfa.amsl.com>; Thu, 4 Apr 2024 06:25:59 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00355C151707 for <sframe@ietf.org>; Thu, 4 Apr 2024 06:25:58 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id e9e14a558f8ab-36a00f48b35so1921465ab.0 for <sframe@ietf.org>; Thu, 04 Apr 2024 06:25:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1712237158; x=1712841958; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ColLtWtZdmoGom4noTvHFa2hZlA36B3eYVD1iv/Gijs=; b=Gp6zkBurX17utDJZJyxc4Ziv05x/xASdKG3EmGLNZsxOJm6ALJBQo7vM+CFK58wZ1G lHsuQkq8UL1ci4ozZzV854/eDWiJZVF5eQe/zo6Y/MPLfvQjI845eV9sJE7M++w3U11U lFM70s7EGV73RShiafA7/0MJHMgJuDhL49JB38SyhRmUUKPibO3Tz5vjWuVXqf8AT7mu fLSNJ3kOTj6lp21qP1/L/SmQdDU3qJdDRoVpzpF1sebhRcx6BNlp9eU9R/b6PyePVedt g/xTAU/gXO2IQfpswknWhiF7QIfDBJWPrTzOZ8odUs6CfudhBBjmkwqYjbsYUI7lnSzi Jo6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712237158; x=1712841958; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ColLtWtZdmoGom4noTvHFa2hZlA36B3eYVD1iv/Gijs=; b=X0eb/i1XKrAS7Keh9ffZDz2ZdB9tIWZ4fSA+9QwzMWE21z4/anF2A1sbYvFLmFJXdY voOdm8/RRHkeLh6ySp9V6wlB28kj+Kv6VRYZpOySxh3hz/+EiWqdwsbT54tOcnOdHJB4 /nxoI/h5HU7pmmXdRXiXYj1IHpdbFF1eQinQfxFJg7BImjcUSUq3v3yeGTWM2Eqjl8AB thSELCdpT1otABSwD1V+rR7G9++OX1GurUBWSuIHMt7LwpAbZi8jFsL/KIRUEDf3dOqt hcL8gRi1mBTpCleuJw5bi7VWFl97rmC1kmKWwdZn725kaPnO8AsdNMnhC6+bFq9u1IUF HWiw==
X-Forwarded-Encrypted: i=1; AJvYcCV8tjPu/HEbzNSkwe0kmE+eWQPtiowO4gA7yaF9GyFKHE/vKL4Go6A3ZiclzqIVpyYW6P3onuIK1WtpCdMB5So=
X-Gm-Message-State: AOJu0Yw+P9eKyxlgqy1fWnDFnTWu1MgCQaO3RJJwQpWVqMziefPATIjH CAkcxUK9ZVJNFXqM6200pyAbKJfqhRUcyowdDwybVPJX7X6beGvYCEGwJXk8ybbGh9hXW88vGEZ EIYM0q+MlTFJzua+UdB29yXBVs4Gop97UelLVZw==
X-Google-Smtp-Source: AGHT+IE8PvKBeoB6XrMfWlZoYF6+/KKcKSxaldy0VKYWugN2X997VNdbbAbT+qby8oQudZwYLyD2CXCuLfllqjzUeZk=
X-Received: by 2002:a05:6e02:3d06:b0:368:9aa2:67dd with SMTP id db6-20020a056e023d0600b003689aa267ddmr2128161ilb.13.1712237157862; Thu, 04 Apr 2024 06:25:57 -0700 (PDT)
MIME-Version: 1.0
References: <171222827133.13678.14383922324724649943@ietfa.amsl.com>
In-Reply-To: <171222827133.13678.14383922324724649943@ietfa.amsl.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 04 Apr 2024 09:25:47 -0400
Message-ID: <CAL02cgSDNLi421WHFcxTFXA4Xm+fHW2Afnxq+O9p3jm7TUNYZQ@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sframe-enc@ietf.org, sframe-chairs@ietf.org, sframe@ietf.org, mt@lowentropy.net
Content-Type: multipart/alternative; boundary="00000000000090f3270615454747"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/u-GPLZkORMV-bo11VkGlYzDDTJk>
Subject: Re: [Sframe] Paul Wouters' Discuss on draft-ietf-sframe-enc-07: (with DISCUSS)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 13:25:59 -0000
Hi Paul, Thanks for the review. Responses inline... On Thu, Apr 4, 2024 at 6:57 AM Paul Wouters via Datatracker < noreply@ietf.org> wrote: > 1) KID and CTR encoding > > Is there really much to be gained from the SFrame Header KID and CTR > encoding > for small values? For example an audio or video stream would almost > immediately > require the "extended encoding" for the CTR? I find it difficult to see the > advantage of this added complexity. > The compressed encoding is definitely useful for KID values. For small sessions (e.g., 1:1), you might never need more than a handful of KID values. The compressed CTR encoding is for parallelism, so that you can use the same code to process both KID and CTR. See also my response to John Scudder's COMMENT: https://mailarchive.ietf.org/arch/msg/sframe/ra0s-A7v9hMM2XBQpgSKj6wc4CQ/ > 2) Tag size > > What is the real gain of allowing shorter authentication tags? Even the > document itself states: > > Nonetheless, without these mitigations, an application that > makes use of short tags will be at heightened risk of forgery > attacks. In many cases, it is simpler to use full-size tags and > tolerate slightly higher bandwidth usage rather than add the > additional defenses necessary to safely use short tags. > > Why not simplify on just 1 tag size? > Media people love to complain about tags :) Audio streams in particular tend to send lots of really small packets, so a full GCM tag can add more than 25% to the bandwidth overhead. See the overhead analysis in Appendix C: https://www.ietf.org/archive/id/draft-ietf-sframe-enc-07.html#name-audio At the same time, as the document describes, it is possible to use short tags safely in some circumstances. So the WG decided to allow folks some flexibility. 3) IANA Considerations > > Have you considered splitting the ciphersuites into a part that > requires standards action and a part that is specification required? > > Related, have you considered using a RECOMMENDED column for ciphersuites, > where a RECOMMENDED=y can only be done via standards action? > Roman also raised something like this point in his NO OBJ: https://datatracker.ietf.org/doc/draft-ietf-sframe-enc/ballot/#draft-ietf-sframe-enc_roman-danyliw I filed a PR making following the same RECOMMENDED pattern as MLS and TLS: https://github.com/sframe-wg/sframe/pull/196
- [Sframe] Paul Wouters' Discuss on draft-ietf-sfra… Paul Wouters via Datatracker
- Re: [Sframe] Paul Wouters' Discuss on draft-ietf-… Richard Barnes
- Re: [Sframe] Paul Wouters' Discuss on draft-ietf-… Paul Wouters