Re: [TLS] Data volume limits

"Scott Fluhrer (sfluhrer)" <> Tue, 15 December 2015 22:01 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 423071B2B58 for <>; Tue, 15 Dec 2015 14:01:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id d7-xJMztr88J for <>; Tue, 15 Dec 2015 14:01:55 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B4641B2B50 for <>; Tue, 15 Dec 2015 14:01:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=9368; q=dns/txt; s=iport; t=1450216915; x=1451426515; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=t32nTBGgUAFIvVeFZOkngyqavOkydO86GYtHi0xSKpg=; b=acU1S2NrC6XNftKcPk871preFl6tUqkxRJE7O3F8vG9XSxKL3ZLzFwk/ 5gpXMV6DLcZAfOwLlc2EgU16vnM016GwTzbWuD81zVmhujkp23iILQbRo T+2j5+IUdw84vIQs7jAUt5Z8OZG+1T4Dk6EAgBiFg5LFno3RytfyKTERn 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAgD9jHBW/4YNJK1egm5MUm0GvVMBD?= =?us-ascii?q?YFjhg0CHIEuOBQBAQEBAQEBgQqENAEBAQQjClwCAQgOAwQBASgDAgICMBQJCAI?= =?us-ascii?q?EARIIiCereZF0AQEBAQEBAQEBAQEBAQEBAQEBAQEBGIZWhH2EKwpcgmaBSQWIM?= =?us-ascii?q?4pTg3YBjUCdIAEfAQFCgg4ggVZygypCgQgBAQE?=
X-IronPort-AV: E=Sophos;i="5.20,434,1444694400"; d="scan'208,217";a="217057116"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Dec 2015 22:01:54 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id tBFM1rDV028973 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 15 Dec 2015 22:01:54 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 15 Dec 2015 17:01:53 -0500
Received: from ([]) by ([]) with mapi id 15.00.1104.009; Tue, 15 Dec 2015 17:01:53 -0500
From: "Scott Fluhrer (sfluhrer)" <>
To: Eric Rescorla <>, "" <>
Thread-Topic: [TLS] Data volume limits
Thread-Index: AQHRN321+GNchELNkkOmU2Gwkrt9SJ7MlZaA
Date: Tue, 15 Dec 2015 22:01:52 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_e007baa2f53249d49917e6023e578bc0XCHRTP006ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [TLS] Data volume limits
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Dec 2015 22:01:57 -0000

Might I enquire about the cryptographical reason behind such a limit?

Is this the limit on the size of a single record?  GCM does have a limit approximately there on the size of a single plaintext it can encrypt.  For TLS, it encrypts a record as a single plaintext, and so this would apply to extremely huge records.

Or is this a limit on the total amount of traffic that can go through a connection over multiple records?  If this is the issue, what is the security concern that you would have if that limit is exceeded?

Thank you.

From: TLS [] On Behalf Of Eric Rescorla
Sent: Tuesday, December 15, 2015 4:15 PM
Subject: [TLS] Data volume limits

Watson kindly prepared some text that described the limits on what's safe
for AES-GCM and restricting all algorithms with TLS 1.3 to that lower
limit (2^{36} bytes), even though ChaCha doesn't have the same

I wanted to get people's opinions on whether that's actually what we want
or whether we should (as is my instinct) allow people to use ChaCha
for longer periods.