[TLS] Consensus for AEAD IV

Joseph Salowey <joe@salowey.net> Fri, 24 April 2015 17:10 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/6WULznOXo_ERx1bJ2qlDV2bdoYA>

The general consensus on the list seems to prefer to derive "IV" and use it
to make the AEAD nonce less predictable. Most folks seemed to be OK with
this approach. In Dallas, there was significant support for using the
derived "IV" as a per-session XOR mask for the counter. If you have
objections to this approach, please respond on the list by May 1, 2015.
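
The construction the message describes (a derived per-session "IV" XORed into the record counter to form the AEAD nonce), as an added example that is not part of the original post or of any TLS draft text. The HMAC-based derivation, the 96-bit nonce and 64-bit counter sizes, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

NONCE_LEN = 12  # assumed: 96-bit AEAD nonce (the size AES-GCM uses)
SEQ_LEN = 8     # assumed: 64-bit per-direction record counter


def derive_iv(traffic_secret: bytes, label: bytes = b"iv") -> bytes:
    """Stand-in derivation of the per-session IV from keying material.

    The message does not say which KDF is used; a single HMAC-SHA256
    block truncated to the nonce length is an assumption.
    """
    block = hmac.new(traffic_secret, label + b"\x01", hashlib.sha256).digest()
    return block[:NONCE_LEN]


def record_nonce(iv: bytes, seq: int) -> bytes:
    """Left-pad the record counter to the nonce length and XOR in the IV mask."""
    if len(iv) != NONCE_LEN:
        raise ValueError("IV must match the AEAD nonce length")
    if not 0 <= seq < 2 ** (8 * SEQ_LEN):
        # Wrapping the counter would repeat a nonce under the same key.
        raise OverflowError("record counter exhausted; rekey instead of wrapping")
    padded = seq.to_bytes(NONCE_LEN, "big")
    return bytes(m ^ c for m, c in zip(iv, padded))


def nonces_for_session(traffic_secret: bytes, count: int) -> list:
    """Nonces for the first `count` records of one session."""
    iv = derive_iv(traffic_secret)
    return [record_nonce(iv, seq) for seq in range(count)]


# Constructed sample secrets standing in for two independent sessions.
SESSION_A = nonces_for_session(b"constructed secret A", 1000)
SESSION_B = nonces_for_session(b"constructed secret B", 1000)

if __name__ == "__main__":
    # XOR with a fixed mask is a bijection, so nonces stay unique per session.
    print("unique within session:", len(set(SESSION_A)) == len(SESSION_A))
    # Without the mask, record 0 of every session would use the same nonce.
    print("record 0, session A:", SESSION_A[0].hex())
    print("record 0, session B:", SESSION_B[0].hex())
```

With an all-zero mask the nonce degenerates to the bare counter, which is the predictable case the derived IV is meant to avoid.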