Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

Martin Thomson <martin.thomson@gmail.com> Wed, 01 March 2017 21:18 UTC

In-Reply-To: <D4DC7F7F.3122D%qdang@nist.gov>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com> <26137F3B-5655-44CA-877E-7168CE02DBF1@azet.org> <D4DC341D.311E1%qdang@nist.gov> <2572E3FC-0139-4946-A12D-9D9509C402F1@azet.org> <D4DC4473.311F2%qdang@nist.gov> <D4DC8CDB.8A84E%kenny.paterson@rhul.ac.uk> <D4DC48E2.31204%qdang@nist.gov> <CACsn0cmf1AN1roDpQykoVJgqC-rhvauVwSEvokG9wiCNkk==yw@mail.gmail.com> <D4DC7F7F.3122D%qdang@nist.gov>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 02 Mar 2017 08:18:21 +1100
Message-ID: <CABkgnnVyYGqacWfOWhnO6WRnPebNV=T9+gLnnyo-+hkCN=SvGg@mail.gmail.com>
To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/75CvBmXIoGAkzFPIg9kWRx9GJlw>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>

On 2 March 2017 at 05:44, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> OK. What is the percentage? Even if all records were small, providing a
> correct number would be a good thing. If someone wants to rekey very often,
> I am not suggesting against that.

It will vary greatly depending on circumstance.  Most of the time the
record size matches the MTU.  Other times it matches the write size,
which can be only a small number of octets.  For bulk transfers it can
approach the record maximum.  All on the same connection sometimes.

I really don't know what you are suggesting here.  The point is the
accounting in terms of records doesn't really give you any insight
into the number of blocks.
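The point being made above, that counting records says little about how many AES blocks a key has processed, is easy to see numerically. The following is an added illustration, not code from the thread or from any TLS implementation: it counts AES-GCM blocks for a list of record plaintext sizes and tracks a key against a hypothetical block budget. The budget value and the sample record sizes are constructed for the example.

```python
# Added example: record-based versus block-based key-usage accounting for
# AES-GCM. Not part of the original thread; all sizes and limits below are
# constructed for illustration.
import math

AES_BLOCK_BYTES = 16
TLS13_MAX_PLAINTEXT = 2 ** 14  # TLS 1.3 maximum record plaintext, 16384 octets


def aes_blocks(plaintext_len: int) -> int:
    """AES blocks consumed by a record whose plaintext has plaintext_len bytes.

    GCM keystream is produced in 16-byte blocks, so a 1-byte record still
    consumes a whole block. (The tag's GHASH work is not counted here.)
    """
    if plaintext_len < 0 or plaintext_len > TLS13_MAX_PLAINTEXT:
        raise ValueError("record plaintext length out of range")
    return math.ceil(plaintext_len / AES_BLOCK_BYTES)


def count_blocks(record_lens) -> int:
    """Total AES blocks for a sequence of record plaintext lengths."""
    return sum(aes_blocks(n) for n in record_lens)


def records_for_block_budget(block_limit: int, record_len: int) -> int:
    """How many records of one fixed size fit in a block budget.

    Shows why a record limit derived from a block limit depends entirely on
    the record size you assume.
    """
    return block_limit // aes_blocks(record_len)


class KeyUsageAccountant:
    """Tracks records and blocks sent under one key.

    block_limit is a hypothetical policy parameter chosen for the example,
    not a number the thread (or any specification) states.
    """

    def __init__(self, block_limit: int):
        self.block_limit = block_limit
        self.records = 0
        self.blocks = 0

    def record(self, plaintext_len: int) -> bool:
        """Account for one record; return True while the key is still within budget."""
        self.records += 1
        self.blocks += aes_blocks(plaintext_len)
        return not self.needs_rekey

    @property
    def needs_rekey(self) -> bool:
        return self.blocks >= self.block_limit


# Constructed traffic shapes (plaintext bytes per record), 1000 records each:
SMALL_WRITES = [1] * 1000          # interactive, tiny application writes
MTU_SIZED = [1400] * 1000          # records sized to fit an Ethernet-ish MTU
BULK = [TLS13_MAX_PLAINTEXT] * 1000  # bulk transfer at the record maximum
MIXED = [1, 1400, 16384, 50]        # all three shapes on one connection


if __name__ == "__main__":
    for name, lens in [("small", SMALL_WRITES), ("mtu", MTU_SIZED), ("bulk", BULK)]:
        print(f"{name:5s}: {len(lens)} records -> {count_blocks(lens)} blocks")
    acct = KeyUsageAccountant(block_limit=2000)
    for n in SMALL_WRITES:
        acct.record(n)
    print("after 1000 small records, rekey needed:", acct.needs_rekey)
    acct.record(TLS13_MAX_PLAINTEXT)
    print("after one more max-size record, rekey needed:", acct.needs_rekey)
```

The same 1000 records cost 1000 blocks as one-byte writes and over a million as maximum-size records, roughly a thousand-fold difference, and a connection can mix all of these shapes under a single key. An implementation that wants to enforce a block-oriented limit therefore has to count blocks (or bytes) as it encrypts, not records; the accountant above shows the minimal bookkeeping that requires.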