Re: [TLS] DTLS 1.3 AEAD additional data

Thomas Fossati <Thomas.Fossati@arm.com> Thu, 23 April 2020 12:00 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Martin Thomson <mt@lowentropy.net>, "TLS@ietf.org" <tls@ietf.org>
Date: Thu, 23 Apr 2020 12:00:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IHmc6YmDOhXb7rnUQkH2bvoUofg>

Just one comment.

On 23/04/2020, 00:54, "Martin Thomson" <mt@lowentropy.net> wrote:
> But Hanno's proposal is a terrible thing to have to implement.  You
> have to assume that there is some way to recover which CID to use in
> decrypting any record.  You might save some datagram-local state, but
> that's awkward.  Stacks that I've worked on try very hard not to have
> state transmission between records for good reasons.  So this would be
> a fairly bad complication.

The cost of keeping per-datagram state on the receiving end seems very
low to me.  And that would be the only cost overall, because on the
sending side there's none.  And this is in contrast to the higher sender
complexity in the current draft.  Also, once you start keeping
per-datagram state, you might as well stash as much as possible in it
and for example compress sequence numbers as well as just the CID.

So, if that is the only blocker WRT Hanno's proposal, I'd be happy to
trade that off for the nice properties it comes with.

> Separately, I hope that no one would be contemplating trial decryption
> for this, which would be terrible.

Surely not.
