Re: [TLS] Data volume limits

Dave Garrett <davemgarrett@gmail.com> Wed, 16 December 2015 03:57 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Tue, 15 Dec 2015 22:57:01 -0500
References: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com> <CABkgnnU67_rsVEWKg_ckaYXcZhiXNEgku4ntaZTF3nTYSMZGsg@mail.gmail.com>
In-Reply-To: <CABkgnnU67_rsVEWKg_ckaYXcZhiXNEgku4ntaZTF3nTYSMZGsg@mail.gmail.com>
Message-Id: <201512152257.01966.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4tMlFTJU9zPbhklNEF6pPqmls6I>
Subject: Re: [TLS] Data volume limits

On Tuesday, December 15, 2015 09:40:41 pm Martin Thomson wrote:
> In light of that, the actual limits don't matter that much to me.  As
> David McGrew suggested, set a limit at 2^32 and avoid having to think
> too hard about how close to the failure point you might be.

+1

In fact, if we're OK with setting this rather low threshold, then we could even get rid of the rekey signal entirely and just have an automatic rekey after every 4GiB for all ciphers. That'd be one less complexity to deal with. Rekeys would be routine.


Dave
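An added illustration of the automatic rekey described in the message above (example code written for this page, not from the thread or from any TLS implementation): a sender counts records sent under the current key and, when the count reaches the quoted 2^32 limit, ratchets the traffic secret with HKDF-Expand (RFC 5869) and resets the per-key nonce, so the sequence counter never approaches a cipher's real failure point. The labels, key length and ratchet construction are assumptions, not any specific TLS draft.

```python
import hmac
import hashlib

# Quoted proposal: rekey at 2^32 records, well below any cipher's failure point.
RECORD_LIMIT = 2 ** 32


def hkdf_expand(prk, info, length, hash_name="sha256"):
    """RFC 5869 HKDF-Expand: stretch a pseudorandom key into `length` bytes."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


class RekeyingSender:
    """Tracks records sent under the current key and rotates automatically.

    Labels ("key", "traffic upd") and the 16-byte key are assumptions for
    illustration, not the key schedule of a particular TLS draft.
    """

    def __init__(self, traffic_secret, record_limit=RECORD_LIMIT):
        self.secret = traffic_secret
        self.limit = record_limit
        self.generation = 0          # number of automatic rekeys so far
        self.records_under_key = 0   # records sent under the current key
        self.key = hkdf_expand(self.secret, b"key", 16)

    def _rekey(self):
        # One-way ratchet: the next secret is derived from the current one,
        # then a fresh record key; the old secret is discarded.
        self.secret = hkdf_expand(self.secret, b"traffic upd", 32)
        self.key = hkdf_expand(self.secret, b"key", 16)
        self.generation += 1
        self.records_under_key = 0

    def next_record(self):
        """Return (generation, key, nonce) the AEAD should use for the next record."""
        if self.records_under_key >= self.limit:
            self._rekey()
        nonce = self.records_under_key.to_bytes(12, "big")  # per-key counter
        self.records_under_key += 1
        return self.generation, self.key, nonce
```

A receiver applies the same ratchet when it sees the generation advance, so no explicit rekey signal needs to be sent.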