Re: [TLS] Choice of Additional Data Computation

Martin Thomson <mt@lowentropy.net> Mon, 27 April 2020 00:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J74lhfH5S-Je-cOFVbSJjFzFuUg>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Sat, Apr 25, 2020, at 01:56, chris - wrote:
> However, the formal 
> models of [1,2] assume reliable transport (i.e., TCP): failure to 
> deliver packets in order is deemed an attack. Therefore, the 
> definitions would need to be changed in order to account for the case 
> of DTLS. (I'm not sure if this has been studied.) My hunch is that the 
> same design pattern (i.e., "authenticate everything on the wire") would 
> be called for, but I've not seen formal evidence either way.

A few of the submissions to QUIPS addressed this question for QUIC (which has a similar construction to DTLS) and concluded that this was broadly OK.  What changes is the degree to which we rely on the strength of the AEAD for prevention of spoofing.

(I'm sorry, but I can't find the paper that was most directly applicable, perhaps Felix can help out.  https://eprint.iacr.org/2020/114.pdf does a pretty good job, though it is a broader treatment.)