IETF Logo Mail Archive

Re: [TLS] Comments on

Watson Ladd <watsonbladd@gmail.com> Mon, 17 February 2014 15:45 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D8A1A03F6 for <tls@ietfa.amsl.com>; Mon, 17 Feb 2014 07:45:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73-M373SP7Ma for <tls@ietfa.amsl.com>; Mon, 17 Feb 2014 07:45:52 -0800 (PST)
Received: from mail-yh0-x236.google.com (mail-yh0-x236.google.com [IPv6:2607:f8b0:4002:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id AE6F01A04DE for <tls@ietf.org>; Mon, 17 Feb 2014 07:45:51 -0800 (PST)
Received: by mail-yh0-f54.google.com with SMTP id z6so14184953yhz.13 for <tls@ietf.org>; Mon, 17 Feb 2014 07:45:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=e6X925jWEtn+abSSc0H2BhDNd/i4G3h2xEDjXJXtaSw=; b=lMmVR/b6TJW3K0WiKuMqRKxpED+tiMFH7OsFnOu/V5/Xdcf8Gk3DeFXy6RUdRNTke1 dP1OoxocPkN81ftLYSd1rRYZDLfuM5dgs65RBVkcOUdHqoATBpJ38ulUHZodekAkHdSG 8GiEHfdvZzL0SNPMyw6q0KfHAM7aQbsJqDVHBNv7lg6KCpnq8nehC0odRDlUy+NMF3VE ishu/v2GWVJqy1yz8qdsF3tcQOd1tRctFfn0Yv44D21fUIughgAEmU3icfmLpuPQeaV/ wYSggBI9UFHyKsV0djpQQ0SqxtegsCQzU/iB8gaciDHDLnEN/xGBK9oGh3Qv+DpvHdKL gCqQ==
MIME-Version: 1.0
X-Received: by 10.236.130.138 with SMTP id k10mr23513945yhi.31.1392651949063; Mon, 17 Feb 2014 07:45:49 -0800 (PST)
Received: by 10.170.92.85 with HTTP; Mon, 17 Feb 2014 07:45:48 -0800 (PST)
In-Reply-To: <1392624588.30995.10.camel@dhcp-2-127.brq.redhat.com>
References: <nnha83nwy9.fsf@bacon.lysator.liu.se> <CAL9PXLyWhqSdG5YRyrOprW5wgCYCwHn7_a=R2sb+mN-irkMYbA@mail.gmail.com> <nna9dum6fk.fsf@bacon.lysator.liu.se> <CAL9PXLyC98rc73x7o4gDeu-UBz1k0VP_qTdbCqgSSObuKf9+LA@mail.gmail.com> <nnsirlldyf.fsf@bacon.lysator.liu.se> <CAL9PXLzgHqguYfKwhiVyjDeSCUkqwbsoujAcz8UPN0FQyfaodg@mail.gmail.com> <1392624588.30995.10.camel@dhcp-2-127.brq.redhat.com>
Date: Mon, 17 Feb 2014 07:45:48 -0800
Message-ID: <CACsn0cncSn61Z3FkbcF_S32mah=3DtNkygHMB31+_UgQr6n5Ag@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/K4NdjOQWkZg8e6jQ-tpoCWEpIVs
Cc: Niels Möller <nisse@lysator.liu.se>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Comments on
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 15:45:55 -0000

On Mon, Feb 17, 2014 at 12:09 AM, Nikos Mavrogiannopoulos
<nmav@redhat.com> wrote:
> On Fri, 2014-02-14 at 14:49 -0500, Adam Langley wrote:
>
>> > By streaming, I don't advocate you do the decryption in a pipe line;
>> > that's clearly a dangerous habit. Usecase is more like on one machine
>> > running
>> >   src-machine$ tar -cf - foo-dir | aead-encrypt | send
>> This use of streaming is fine by my criteria, assuming that
>> "aead-encrypt" is chunking the input into different blocks and
>> applying the AEAD to each block. This is perfectly fine with a
>> one-shot(*), AEAD API at the core.
>
> I'd pretty much agree with the chunked approach, but I now realize that
> it is more hard to get it right than the streaming one. In the chunked
> approach one would need to implement sequence numbers (could be implicit
> as additional data) and a termination block. So both approaches have
> quite some disadvantages. The streaming approach allows for misuse of
> the API which may cancel the benefits of AEAD, and the chunked approach
> requires the developer to create a safe protocol over AEAD.
>
> If the idea is for AEAD to be used by an average developer, it seems we
> need even a higher abstraction than that; even for such a simple
> use-cases.

Let's back up a bit. The assumption is that we are sending a file over
the network, and we want to encrypt and authenticate it. If we have an
encrypted and authenticated channel all is good. Alternatively, we can
encrypt the entire file as one big chunk and decrypt on receipt.  I've
still not found a case where one of these doesn't work.

Sincerely,
Watson Ladd
>
> regards,
> Nikos
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email