Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Yoav Nir <ynir.ietf@gmail.com> Wed, 15 February 2017 17:30 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DQ6G5cnkJfJQD-nGCPkTrre5_xo>
Cc: IRTF CFRG <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>

> On 15 Feb 2017, at 19:25, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 16 February 2017 at 04:20, Yoav Nir <ynir.ietf@gmail.com> wrote:
>> No, not really, but TLS is not just the web, and there are connections that
>> last for a long time and transfer large amounts of data. Think datacenter
>> synchronization. At packet-sized records 24 million records amounts to 36
>> GB. That is considerably larger than a 4 GB software update I downloaded
>> over HTTPS a few years ago, but not out of the ballpark.
> 
> I realize that's going to require updates pretty often (once you open
> up the CWND), but I don't think that it is frequent enough to be a
> concern.
> 
> I well know that HTTP gets used at these volumes more often than
> people realize.  I'd rather recommend ChaCha for those niche uses
> though if the rate was sufficiently high.

And now I’ve lost you. A moment ago I thought you were concerned that people would fail to implement KeyUpdate. Are you now suggesting that it be removed entirely from TLS 1.3?

There’s no getting around the fact that AES-GCM is faster on certain processors than ChaCha, and speed is likely to be a major concern for exactly the same systems that use the high data volumes.

Yoav