IETF Logo Mail Archive

[TLS]Additional Data in TLS 1.3

devi prasad <dprasadm@gmail.com> Thu, 15 August 2024 14:44 UTC

Return-Path: <dprasadm@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55E30C15155C for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 07:44:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ywai5hQCg3mk for <tls@ietfa.amsl.com>; Thu, 15 Aug 2024 07:44:11 -0700 (PDT)
Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DABB8C1519B8 for <tls@ietf.org>; Thu, 15 Aug 2024 07:44:11 -0700 (PDT)
Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-2689e7a941fso751126fac.3 for <tls@ietf.org>; Thu, 15 Aug 2024 07:44:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723733050; x=1724337850; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=0SRT261TGrXp2G/YCb6uEk0bHNSttTZjkQKYBAGHMSs=; b=KQie0gYzrwMYeB5rTpg/s11qqaw4a0sZJFX+nAIWNkE5apqCiyZiboN6Owh2gsnjyX QAfRVj7mdcODsUMe1hQ6Ku9l0QAPfNre7Xp1oWcBrH22VtsSw/jTRexiNjEfO0pq1LRm gao6e7lQfuYZphpYqaHjkiFwsHvSC8fL4GJcCgV4OJWFjggDzaHt/gr1c127dFWJj8OA 5XqNdCZGo5HY8t/RvCRErA1CchycFB1NsmVQEtGYT6OMvVfMuYX1keNgzT2sgutiRSb+ IGC59ynUuU3Po/Zt5lIdYnH/SWDPxTXNRTFYxaYa7WkY1Pn3vDTr7wR+ARCorcyUmH7d BJZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723733050; x=1724337850; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=0SRT261TGrXp2G/YCb6uEk0bHNSttTZjkQKYBAGHMSs=; b=jE8l37e7r9dLZdksGrLkRlLCxFt6qHaUL/q0IkoZ2mw25qdpyb6le1eqwLP6+4h1f2 nfd//XyOmrXNpwXxjG7bGUHHLxKusaVKqC57cXsuwq2BUizegUCXDF3U7QPbP1cTEH8T qzOc3E/axAlrLZm6HGFH5z4cIVlshyxujQsmqhjuV/0odI92oAD5/PpfVFb8aNUaekY7 8/l6vKmayNK/tyzfTUOiGASdtYSQq2WKbJv2zab5qoUgvX/iT13F7GSiMyNSBSFZ/x22 lGSQfZ3CwNVeHEOsUahwYuOo3hbYdqGus930nxARuwjR7Ha2Pg1QnrUvgZnln8YoInXA ZM0A==
X-Gm-Message-State: AOJu0YyaxrfJ/LsdF9fjfAtFBOOudtssEbJusJfXe4Kr/v6GKJ6rGVpd 8UHoiGzvNuXspfoRu/OWQdFmhVAjFvN9TMtbSMTRMjf1fRK43u7wraNFk5/qcseY4Zzt2HIBlZs 4uPmrRBorV6nG/iJlHqRs2dx9MK/fJvBZ
X-Google-Smtp-Source: AGHT+IEmytKyiXNwYiI6hegbGWEBBFDK8+t19np9iF5NYNVLgx8Ur4FrVG+lDnXcdVlBrvSYOTd5C96d3hUOXXGwbxU=
X-Received: by 2002:a05:6870:311f:b0:261:1339:1cb9 with SMTP id 586e51a60fabf-26fe5bf8218mr7866392fac.35.1723733050298; Thu, 15 Aug 2024 07:44:10 -0700 (PDT)
MIME-Version: 1.0
From: devi prasad <dprasadm@gmail.com>
Date: Thu, 15 Aug 2024 20:13:58 +0530
Message-ID: <CAO2B13Q3SvhXCJYZpYri2X4GTomdZYvJcSNY5g+CFqYZbRd2kA@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000269adb061fb9e07a"
Message-ID-Hash: QBQEOUN4H73EKGS3CS5TYGRN3DF4PGIL
X-Message-ID-Hash: QBQEOUN4H73EKGS3CS5TYGRN3DF4PGIL
X-MailFrom: dprasadm@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Additional Data in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F1yi0ylZnzrTSsSYlGvzMBdsJg8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I've been reading about TLS 1.3, referring to RFC 8446, simply out of
technical curiosity.


While trying to figure out a few details from the mail archive, I couldn't
find conversations about the decision to include "additional data" (AD) in
the AEAD scheme. Trawling through the drafts I noticed something
interesting - AD went from being an empty input to being the record header,
from draft 24 to draft 25, in the span of about 15 days.

It's obvious I've no access to the technical conversations that must have
happened.

Can someone help me understand the reasons for including AD only in the
last few iterations of the draft. Why was AD an empty input, initially? Are
there any threads on the mailing list that I've missed?

Thank you very much.
Devi Prasad


Here's the reference for the text in drafts 24 and 25:

draft-ietf-tls-tls13-24, February 15, 2018

page 82

Section 5.2. Record Payload Protection

"... the additional data input is empty (zero length)."

draft-ietf-tls-tls13-25, March 02, 2018

page 82

5.2.  Record Payload Protection.

"... and the additional data input is the record header.

  I.e.,

     additional_data = TLSCiphertext.opaque_type ||

                       TLSCiphertext.legacy_record_version ||

                       TLSCiphertext.length

... "

v2.39.1 | Report a Bug | By Email | System Status