Re: [TLS] Reducing record expansion overhead allowance

"StJohns, Michael" <msj@nthpermutation.com> Sun, 20 July 2014 14:52 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19081B2818 for <tls@ietfa.amsl.com>; Sun, 20 Jul 2014 07:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zuspUf_AlKH7 for <tls@ietfa.amsl.com>; Sun, 20 Jul 2014 07:52:23 -0700 (PDT)
Received: from mail-qa0-f41.google.com (mail-qa0-f41.google.com [209.85.216.41]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD681B2816 for <tls@ietf.org>; Sun, 20 Jul 2014 07:52:22 -0700 (PDT)
Received: by mail-qa0-f41.google.com with SMTP id j7so4480568qaq.28 for <tls@ietf.org>; Sun, 20 Jul 2014 07:52:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=UN76WBkqBWdcfCSNfos/elBq0VhYSemS62dOuwLMRwI=; b=WfGjolJG1oFppwl8hhBGggWMse8l79GgYFJTLBtwMz3f9r2CSyV3bWtfYKa/7rMlnH XuFarmenWAgF1s58m6hoL2CJNRZkPwjPTky27ah1qtvra6jtB8tnBOW8FyesZ34qHgaj gVYcI2f7bBeLxm67XK/2Jcu+4+od4ibWcdRYFPLmZTKzCv3X8AlcnctdOa5xbxt1fO2o KQKZ8j9FN504MVOUqVVJ6IeGSYIvn+QckJQVE1GfwkfLMiX8xzehNA8q0B/H5E5q0wST RlI9jW21Z6PBhShYLFJmPycCC/DHDpF1biO+Bexzr4d+janwAL/RapnDmn6uot5yK/4m rGGg==
X-Gm-Message-State: ALoCoQnybWUaEAHRdUv0kqPC9NoixvBEFGHmzHb7EWEsIe8PaeKidPeYfgWaECf3G+ZQn+RFnyki
MIME-Version: 1.0
X-Received: by 10.140.43.245 with SMTP id e108mr28679077qga.76.1405867941903; Sun, 20 Jul 2014 07:52:21 -0700 (PDT)
Received: by 10.140.108.75 with HTTP; Sun, 20 Jul 2014 07:52:21 -0700 (PDT)
X-Originating-IP: [172.56.2.41]
In-Reply-To: <CABcZeBODbabpOUgb431X3Xz_fB1KK8wn8-SMJgYZVE2V3oCLow@mail.gmail.com>
References: <CABcZeBODbabpOUgb431X3Xz_fB1KK8wn8-SMJgYZVE2V3oCLow@mail.gmail.com>
Date: Sun, 20 Jul 2014 10:52:21 -0400
Message-ID: <CANeU+ZCX4wGOPytP3qO80Q+6yq=TFCM0Xi9SMmxdMrveDv8ZCA@mail.gmail.com>
From: "StJohns, Michael" <msj@nthpermutation.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary=001a113a666447912304fea123c2
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/1Jv_EuQpe4eFOzw3TS1ZSP53JoY
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Reducing record expansion overhead allowance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2014 14:52:24 -0000

The only other thing that hasn't been mentioned that was discussed at the
interim in Denver is padding for traffic analysis resistance. That could
hit 1k in size.  But since there's no proposal that's just a guess on size.


On Saturday, July 19, 2014, Eric Rescorla <ekr@rtfm.com> wrote:

> https://github.com/tlswg/tls13-spec/issues/55
>
> In TLS 1.2, we had the following maximum values:
>
> TLSPlaintext: 2^{14}
> TLSCompressed: 2^{14} + 1024
> TLSCiphertext: 2^{14} + 2048
>
> These overhead values allow for expansion in these transforms
> due to potential bad compression overhead or padding, etc.
>
> Wan-Teh Chang points out that we no longer have compression
> so there's no need to allow for 1024 bytes of expansion there.
>
> Minimally we should reduce the TLSCiphertext overhead to
> 2^{14} + 1024. Do people believe that we will have AEAD
> ciphers with 1024 bytes of expansion or should we reduce
> it further? I'm inclined to not re-judge that and just leave it
> at 2^{14} + 1024.
>
> Thoughts?
> -Ekr
>
>