Re: [TLS] Data volume limits

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Tue, 15 December 2015 22:01 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 423071B2B58 for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 14:01:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Level:
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d7-xJMztr88J for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 14:01:55 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B4641B2B50 for <tls@ietf.org>; Tue, 15 Dec 2015 14:01:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9368; q=dns/txt; s=iport; t=1450216915; x=1451426515; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=t32nTBGgUAFIvVeFZOkngyqavOkydO86GYtHi0xSKpg=; b=acU1S2NrC6XNftKcPk871preFl6tUqkxRJE7O3F8vG9XSxKL3ZLzFwk/ 5gpXMV6DLcZAfOwLlc2EgU16vnM016GwTzbWuD81zVmhujkp23iILQbRo T+2j5+IUdw84vIQs7jAUt5Z8OZG+1T4Dk6EAgBiFg5LFno3RytfyKTERn 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAgD9jHBW/4YNJK1egm5MUm0GvVMBD?= =?us-ascii?q?YFjhg0CHIEuOBQBAQEBAQEBgQqENAEBAQQjClwCAQgOAwQBASgDAgICMBQJCAI?= =?us-ascii?q?EARIIiCereZF0AQEBAQEBAQEBAQEBAQEBAQEBAQEBGIZWhH2EKwpcgmaBSQWIM?= =?us-ascii?q?4pTg3YBjUCdIAEfAQFCgg4ggVZygypCgQgBAQE?=
X-IronPort-AV: E=Sophos;i="5.20,434,1444694400"; d="scan'208,217";a="217057116"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Dec 2015 22:01:54 +0000
Received: from XCH-RTP-006.cisco.com (xch-rtp-006.cisco.com [64.101.220.146]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id tBFM1rDV028973 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 15 Dec 2015 22:01:54 GMT
Received: from xch-rtp-006.cisco.com (64.101.220.146) by XCH-RTP-006.cisco.com (64.101.220.146) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 15 Dec 2015 17:01:53 -0500
Received: from xch-rtp-006.cisco.com ([64.101.220.146]) by XCH-RTP-006.cisco.com ([64.101.220.146]) with mapi id 15.00.1104.009; Tue, 15 Dec 2015 17:01:53 -0500
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Data volume limits
Thread-Index: AQHRN321+GNchELNkkOmU2Gwkrt9SJ7MlZaA
Date: Tue, 15 Dec 2015 22:01:52 +0000
Message-ID: <e007baa2f53249d49917e6023e578bc0@XCH-RTP-006.cisco.com>
References: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com>
In-Reply-To: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.98.2.55]
Content-Type: multipart/alternative; boundary="_000_e007baa2f53249d49917e6023e578bc0XCHRTP006ciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/9Czdy8bco3gu6xeUwyp52Mc7EAA>
Subject: Re: [TLS] Data volume limits
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 22:01:57 -0000

Might I enquire about the cryptographical reason behind such a limit?

Is this the limit on the size of a single record?  GCM does have a limit approximately there on the size of a single plaintext it can encrypt.  For TLS, it encrypts a record as a single plaintext, and so this would apply to extremely huge records.

Or is this a limit on the total amount of traffic that can go through a connection over multiple records?  If this is the issue, what is the security concern that you would have if that limit is exceeded?

Thank you.

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Tuesday, December 15, 2015 4:15 PM
To: tls@ietf.org
Subject: [TLS] Data volume limits

Watson kindly prepared some text that described the limits on what's safe
for AES-GCM and restricting all algorithms with TLS 1.3 to that lower
limit (2^{36} bytes), even though ChaCha doesn't have the same
restriction.

I wanted to get people's opinions on whether that's actually what we want
or whether we should (as is my instinct) allow people to use ChaCha
for longer periods.

-Ekr