IETF Logo Mail Archive

Re: [TLS] Comments on nonce construction and cipher text size restriction.

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Tue, 24 May 2016 17:46 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0905F12D120 for <tls@ietfa.amsl.com>; Tue, 24 May 2016 10:46:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QcB3fTyRIHAH for <tls@ietfa.amsl.com>; Tue, 24 May 2016 10:46:50 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0119.outbound.protection.outlook.com [23.103.200.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD89F12D613 for <tls@ietf.org>; Tue, 24 May 2016 10:46:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=EtG5XjcZvF2knYNL69e+EIJSqb0AF8MNR8SaBcx+iQ8=; b=r3h80ZLKrzZ/EZqyczKudxmlLpJJ2Rv/8qQ1DxRXr/7RbBkpMWvXDhIQVNNw6fRkqCSCB7Ohqz6qDVdPewoEsQbL9OOo+UU/7W4foCcWDQ2yKxIkzCv0oGXMYkcjab4Rb9cayhlFfQ8s2vM+Fdqb3SzfET9X5nq0TQVhfFaAFlk=
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB121.namprd09.prod.outlook.com (10.255.200.145) with Microsoft SMTP Server (TLS) id 15.1.501.7; Tue, 24 May 2016 17:46:49 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0501.012; Tue, 24 May 2016 17:46:49 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Martin Thomson <martin.thomson@gmail.com>, "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
Thread-Topic: [TLS] Comments on nonce construction and cipher text size restriction.
Thread-Index: AQHRtc/HWUjUunA/c0agQBPElmd3kJ/IQt6A///W7AA=
Date: Tue, 24 May 2016 17:46:48 +0000
Message-ID: <D36A0B54.267BA%qdang@nist.gov>
References: <D369E95C.267A5%qdang@nist.gov> <CABkgnnVAVYDuWUV0EJ=9iJ69KOwYxR=tzRRB+A96qwKmco8qEg@mail.gmail.com>
In-Reply-To: <CABkgnnVAVYDuWUV0EJ=9iJ69KOwYxR=tzRRB+A96qwKmco8qEg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nist.gov;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [129.6.109.185]
x-ms-office365-filtering-correlation-id: 539cdba0-cf1b-45a8-4ecd-08d383fb61f3
x-microsoft-exchange-diagnostics: 1; BN1PR09MB121; 5:ssWkqAlI1tnyCi91vjNw3OVR8rhkRUwqyWNs2EuRKqBdKKX9iK6+Vl6AIcOFaqebhTq2s/k8QVM1Cq4Z2VMehl1QeiDOaK4Qf+8FqhTfj4ZCQERdX0cNYH/lquj+8oHeMZVzRC1zy53YbqiTWJHiCg==; 24:7u+Y7ipZpRzTJozpdRZlGu3WkyNsuEXT9dNt5mdGgSVm9oyjhMdAxhhAmG6D/v/UhyM7jv6TxSALSmQOHS9zWRXLXd0RzjEW/UN26DIjExY=; 7:9rehaKM3U49PygR/STHCKanIbd0fRH7HQ4jfDm1nKxYtJ0vW0Uuf59PgIwB5idVTJQHbUzP15lL9wiGpm0XpnK+dOD/L5oP2bgos7EvPiBFFS4ufA2lOpLis6FsMEwFOsX00ylGnTfAWBQwBik3Tjv5EKrzHh1DZ4Bw1D2DHdbqzqVdA/PbmuIpnD5WQBpwt
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB121;
x-microsoft-antispam-prvs: <BN1PR09MB1211D5C324DDA19E97C7C2EF34F0@BN1PR09MB121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BN1PR09MB121; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB121;
x-forefront-prvs: 09525C61DB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(24454002)(83506001)(1220700001)(19580395003)(4001350100001)(19580405001)(87936001)(77096005)(3660700001)(5008740100001)(10400500002)(586003)(66066001)(122556002)(5001770100001)(54356999)(3846002)(8936002)(92566002)(2950100001)(8676002)(102836003)(3280700002)(2900100001)(6116002)(2906002)(50986999)(5004730100002)(5002640100001)(76176999)(189998001)(4326007)(99286002)(86362001)(4001450100002)(11100500001)(106116001)(81166006)(36756003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB121; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <8FD08589E5BF7C4CB995F7F6C2A894E8@namprd09.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 May 2016 17:46:48.9143 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB121
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AVIcKmffFu4CsGDSWCiABsOS3hE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Comments on nonce construction and cipher text size restriction.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2016 17:46:55 -0000


On 5/24/16, 12:13 PM, "Martin Thomson" <martin.thomson@gmail.com> wrote:

>On 24 May 2016 at 08:20, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
>> 1. For this text:  "plus the length of the output of the signing
>>algorithm.
>> " in the last paragraph of Section 4.8.1, did you mean "plus the output
>>of
>> the signing algorithm.² ?
>
>The text is correct.  It is talking about the length of the structure,
>not its contents.

>
>> 2. "The length (in bytes) of the following TLSCiphertext.fragment. The
>> length MUST NOT exceed 2^14 + 256. An endpoint that receives a record
>>that
>> exceeds this length MUST generate a fatal "record_overflow" alert. " .
>>There
>> could be a cipher that generates ciphertext longer than plaintext in
>>some
>> cases plus the tag. If the tag was 256 bits, then this requirement would
>> disallow that cipher unnecessarily when a record size is 2^14.
>
>The value 256 is octets, not bits.  If you are aware of a need for an
>authentication tag longer than 256 octets, now would be a great time
>to tell all of us.

My misreading of the text. Thanks.
>
>
>> 3. "The padded sequence number is XORed with the static client_write_iv
>>or
>> server_write_iv, depending on the role.² I think the ivs are not needed.
>
>We discussed this at quite some length.  I originally took your
>position, but the IVs add an extra layer of safety at very little
>cost.

I don¹t see any extra layer here.

>

v2.23.0 | Report a Bug | By Email