Re: [TLS] Data volume limits

Aaron Zauner <azet@azet.org> Fri, 01 January 2016 06:35 UTC

Date: Fri, 01 Jan 2016 07:35:41 +0100
From: Aaron Zauner <azet@azet.org>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20160101073508.4dd10442c5@ebeb88ce88adeb8>
References: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com> <87twnibx5p.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9"
Content-Disposition: inline
In-Reply-To: <87twnibx5p.fsf@latte.josefsson.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0BxjpieNt-dRt2KYwR4xJm7NSms>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Data volume limits

Hi,

* Simon Josefsson <simon@josefsson.org> [16/12/2015 09:44:55] wrote:
> I don't like re-keying.  It is usually a sign that your primitives are
> too weak and you are attempting to hide that fact.  To me, it is similar
> to discard the first X byte of RC4 output.
> 
> If AES-GCM cannot provide confidentiality beyond 64GB (which would
> surprise me somewhat), I believe we ought to be careful about
> recommending it.
> 

I unequivocally concur here.

This might be a good time to point again to my existing AES-OCB
draft that hasn't really seen a lot of discussion or love lately.
It expired but I've recently updated the draft (not yet uploaded
to IETF as I'm waiting for implementer feedback from two particular
sources). The update has something to do with how GCM is implemented
in some stacks though, see:
https://github.com/azet/draft-zauner-tls-aes-ocb/commit/26c2fff7808fc88bf47e5d097f2ff5ca23201029

Aaron
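Added example, not part of the original message, the OCB draft, or any TLS stack: a small calculator that puts numbers on the trade-off the thread is arguing about (a data volume limit for one AES-GCM key versus re-keying). It assumes the simplified model in which the dominant confidentiality term for AES-GCM under a single key is the PRP/PRF switching term, sigma^2 / 2^129 for sigma 16-byte blocks encrypted under that key, with lower-order terms dropped; it assumes full-size 2^14-byte TLS records and independent keys across re-keys (union bound). It makes no attempt to reproduce the 64GB figure quoted above, whose derivation is not on this page.

```python
"""Birthday-bound arithmetic for AES-GCM data volume limits.

Assumed model (not from the thread): the distinguishing advantage after
encrypting sigma 16-byte blocks under one AES-GCM key is bounded by
sigma**2 / 2**129 (the PRP/PRF switching term), with smaller terms ignored.
Re-keying with independent keys is bounded with a plain union bound.
"""
import math

BLOCK_BYTES = 16
RECORD_BYTES = 2 ** 14        # full-size TLS plaintext fragment (assumption)
GCM_SWITCH_EXP = 129          # advantage <= sigma**2 / 2**GCM_SWITCH_EXP


def blocks_for_bytes(nbytes):
    """Number of 16-byte keystream blocks consumed by nbytes of plaintext."""
    return math.ceil(nbytes / BLOCK_BYTES)


def gcm_confidentiality_bound(total_bytes):
    """Upper bound on the distinguishing advantage after total_bytes under one key."""
    sigma = blocks_for_bytes(total_bytes)
    return sigma * sigma / 2.0 ** GCM_SWITCH_EXP


def log2_advantage(total_bytes):
    """Same bound expressed as log2, which is how the thread quotes margins (2**-60 etc.)."""
    sigma = blocks_for_bytes(total_bytes)
    return 2 * math.log2(sigma) - GCM_SWITCH_EXP


def max_records_for_advantage(log2_target, record_bytes=RECORD_BYTES):
    """Largest number of record_bytes records one key may encrypt while the
    bound stays at or below 2**log2_target.  Solves sigma**2 / 2**129 <= 2**t
    for sigma, then converts blocks to records."""
    sigma_max = 2.0 ** ((GCM_SWITCH_EXP + log2_target) / 2)
    return int(sigma_max // blocks_for_bytes(record_bytes))


def rekeyed_bound(total_bytes, bytes_per_key):
    """Advantage bound when re-keying every bytes_per_key (independent keys assumed).

    Returns (number_of_keys, total_advantage).  With k keys the quadratic term
    becomes k * (sigma_k ** 2), i.e. linear in the total volume rather than
    quadratic, which is the arithmetic behind re-keying as a mitigation."""
    if total_bytes <= 0:
        return 0, 0.0
    keys = math.ceil(total_bytes / bytes_per_key)
    last = total_bytes - (keys - 1) * bytes_per_key      # partial last key
    per_key = gcm_confidentiality_bound(bytes_per_key)
    return keys, (keys - 1) * per_key + gcm_confidentiality_bound(last)


if __name__ == "__main__":
    gib = 2 ** 30
    for nbytes in (64 * gib, 2 ** 40, 2 ** 44):
        print(f"{nbytes // gib:>6} GiB under one key: advantage <= 2^{log2_advantage(nbytes):.1f}")
    for t in (-32, -57, -60):
        n = max_records_for_advantage(t)
        print(f"target 2^{t}: {n} full-size records ({n * RECORD_BYTES // gib} GiB) per key")
    keys, adv = rekeyed_bound(2 ** 44, 2 ** 36)
    print(f"2^44 bytes with a fresh key every 64 GiB: {keys} keys, "
          f"total advantage <= 2^{math.log2(adv):.1f} "
          f"(vs 2^{log2_advantage(2 ** 44):.1f} with one key)")
```

Running it shows the two sides of the argument in numbers: the single-key bound grows with the square of the volume, while a re-keying schedule turns that into a sum of small per-key terms. Whether that is an acceptable design or a sign the primitive should be replaced is the question the thread is debating; the arithmetic is the same either way.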