Re: [TLS] Reducing record expansion overhead allowance

"StJohns, Michael" <msj@nthpermutation.com> Sun, 20 July 2014 16:21 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 330741B2C7A for <tls@ietfa.amsl.com>; Sun, 20 Jul 2014 09:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0pHUNGQF2YQ for <tls@ietfa.amsl.com>; Sun, 20 Jul 2014 09:21:36 -0700 (PDT)
Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F198F1B2828 for <tls@ietf.org>; Sun, 20 Jul 2014 09:21:35 -0700 (PDT)
Received: by mail-qa0-f42.google.com with SMTP id j15so4540575qaq.29 for <tls@ietf.org>; Sun, 20 Jul 2014 09:21:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=En6Mfcc66o+WRTsqkG7fizTDISWEyeRVnQH8XMz9BGU=; b=Fu6Wz+QJC6LZtPrPsH/N/Pnh8qoU5V6YIYQ753WF8wIHYfcP6xVIE44rk9A2IJ/zGH kJx4boj+eU0o+pebeiUGQnra8j4Dg0T9g38HRMcaSeBRB6yNNThtc1QNVNxguaH9goLE ZZybWvI/3aYfZ2S8tyluieuY41TQVxiTZ9I1obOUOpz1D4YQ/jgf7SHUJx7T2v5eMi08 oLd5aSBFDl1RlORY+aj3lKcv13btGS1A27QRIhiC0kkliVWHWP4xFM+SrvcxWSRGuwgN vCaHD4e3Zwps5+5MQwNMM/ZYo2o227PgaIKeyV+qdv5cJSm9BqpTh0OpMZ7CxlljhOLr TJrw==
X-Gm-Message-State: ALoCoQnbgfhl0MZGDFdi4BH3iTAtAAFUDhVtVHvEvQRgF6LfVaGuHAItCldFTQCzg8NBo3CTcWF0
MIME-Version: 1.0
X-Received: by 10.224.11.130 with SMTP id t2mr32157645qat.101.1405873293543; Sun, 20 Jul 2014 09:21:33 -0700 (PDT)
Received: by 10.140.108.75 with HTTP; Sun, 20 Jul 2014 09:21:33 -0700 (PDT)
X-Originating-IP: [172.56.29.108]
In-Reply-To: <CABcZeBMzYbHL8STfZJRRAr+wJrknH_SeBKcM5jj7QFNCv1RkYg@mail.gmail.com>
References: <CABcZeBODbabpOUgb431X3Xz_fB1KK8wn8-SMJgYZVE2V3oCLow@mail.gmail.com> <CANeU+ZCX4wGOPytP3qO80Q+6yq=TFCM0Xi9SMmxdMrveDv8ZCA@mail.gmail.com> <CABcZeBMt++Oc4-UNiXuHX=mY0CEw_DorNLCdRLBsKdj5gu=oBg@mail.gmail.com> <CANeU+ZA8zgU2FK5KOK2i9G0eVGPb5XVVq2PRUNVdMDA0BH285A@mail.gmail.com> <CABcZeBMzYbHL8STfZJRRAr+wJrknH_SeBKcM5jj7QFNCv1RkYg@mail.gmail.com>
Date: Sun, 20 Jul 2014 12:21:33 -0400
Message-ID: <CANeU+ZBPvGJHjtUX0DE0peD==b=Si+ByTao2PgpSYKxc8egO-Q@mail.gmail.com>
From: "StJohns, Michael" <msj@nthpermutation.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary=001a11c1d96a42e20b04fea262cd
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/LQHi4zUpQH8lRE5RsdAf6ZRDGRk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Reducing record expansion overhead allowance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2014 16:21:38 -0000

So then not really a TLS issue, but has to be supported by each application
and is transparent to TLS?   Ok - Thanks.

On Sunday, July 20, 2014, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sun, Jul 20, 2014 at 9:08 AM, StJohns, Michael <msj@nthpermutation.com
> <javascript:_e(%7B%7D,'cvml','msj@nthpermutation.com');>> wrote:
>
>> You mean as part of the plain text?
>
>
> From the perspective of the AEAD algorithm, yes.
>
> -Ekr
>
>
>>
>> On Sunday, July 20, 2014, Eric Rescorla <ekr@rtfm.com
>> <javascript:_e(%7B%7D,'cvml','ekr@rtfm.com');>> wrote:
>>
>>> On Sun, Jul 20, 2014 at 7:52 AM, StJohns, Michael <
>>> msj@nthpermutation.com> wrote:
>>>
>>>> The only other thing that hasn't been mentioned that was discussed at
>>>> the interim in Denver is padding for traffic analysis resistance. That
>>>> could hit 1k in size.  But since there's no proposal that's just a guess on
>>>> size.
>>>
>>>
>>> I believe the consensus here was to have padding be done separately.
>>>
>>> -Ekr
>>>
>>>
>>>>
>>>> On Saturday, July 19, 2014, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>
>>>>>  https://github.com/tlswg/tls13-spec/issues/55
>>>>>
>>>>> In TLS 1.2, we had the following maximum values:
>>>>>
>>>>> TLSPlaintext: 2^{14}
>>>>> TLSCompressed: 2^{14} + 1024
>>>>> TLSCiphertext: 2^{14} + 2048
>>>>>
>>>>> These overhead values allow for expansion in these transforms
>>>>> due to potential bad compression overhead or padding, etc.
>>>>>
>>>>> Wan-Teh Chang points out that we no longer have compression
>>>>> so there's no need to allow for 1024 bytes of expansion there.
>>>>>
>>>>> Minimally we should reduce the TLSCiphertext overhead to
>>>>> 2^{14} + 1024. Do people believe that we will have AEAD
>>>>> ciphers with 1024 bytes of expansion or should we reduce
>>>>> it further? I'm inclined to not re-judge that and just leave it
>>>>> at 2^{14} + 1024.
>>>>>
>>>>> Thoughts?
>>>>> -Ekr
>>>>>
>>>>>
>>>
>