Re: [TLS] Fully encrypted and authenticated headers (was Re: Encrypting record headers: practical for TLS 1.3 after all?)

"Valery Smyslov" <svanru@gmail.com> Fri, 04 December 2015 12:57 UTC

Message-ID: <22CF6E6F4D484DE5B3031B0EAD612F52@buildpc>
From: Valery Smyslov <svanru@gmail.com>
To: Bryan Ford <brynosaurus@gmail.com>
References: <56586A2F.1070703@gmail.com> <FB2973EF-F16C-404A-980D-CA0042EC4AEB@gmail.com> <565DBC63.5090908@gmail.com> <565DC935.2040607@gmail.com> <CADqLbz+HqnaFKbi4bOVRqSSmOWDhi2hQDaVCxaNgQ+O1XjkqFA@mail.gmail.com> <565E1517.3060209@gmail.com> <CADqLbzJeKWVdcaA5U0vf19X4Wj3DweeJ+B0dRebsnYVy8L8=iQ@mail.gmail.com> <9BDDC23D-1039-4C75-BF32-57330317BCAB@gmail.com> <7F6CAD8F92F54AD5A4F6B14D5F471740@buildpc> <071D813D-E2DD-48B6-8A53-52DC919F7401@gmail.com>
Date: Fri, 04 Dec 2015 15:57:27 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0BF2_01D12EAC.7963A0C0"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LWI4jir9vXGzwat8UO0SBhjO9zI>
Cc: tls@ietf.org
Subject: Re: [TLS] Fully encrypted and authenticated headers (was Re: Encrypting record headers: practical for TLS 1.3 after all?)
Precedence: list

    As far as I understand your proposal makes impossible to use this trick, 
    if we consider packets loss and reordering.


  Actually, if I’m understanding correctly how you’re doing this per-datagram rekeying, I think it still should be compatible with the hash-table-based approach I proposed.  Assuming you’re using some key derivation function that takes a master key and sequence number as input and produces a per-datagram key, the receiver just needs to pre-compute the per-datagram keys for the sequence numbers within the current window, and encrypt the sequence numbers with those respective per-datagram keys, in order to populate its hash table.  I don’t think anything breaks at least.
I would say that the hash-table-based approach would work in theory.
In practice it either implies too much burden on the receiver or would fail
in some situations. Consider, for example, situation when the sender 
skips large amount of sequence numbers (say 2^32) for some reason.
It would be difficult for receiver to build such a hash table.

Regards,
Valery Smyslov.

[TLS] Encrypting record headers: practical for TL… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Roland Zink
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Roland Zink
Re: [TLS] Encrypting record headers: practical fo… Tony Arcieri
Re: [TLS] Encrypting record headers: practical fo… Watson Ladd
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Henrick Hellström
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bill Cox
Re: [TLS] Encrypting record headers: practical fo… Nikos Mavrogiannopoulos
Re: [TLS] Encrypting record headers: practical fo… Dave Garrett
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Short, Todd
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Hubert Kario
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Viktor Dukhovni
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Fabrice Gautier
Re: [TLS] Encrypting record headers: practical fo… Jim Schaad
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Encrypting record headers: practical fo… Hubert Kario
Re: [TLS] Encrypting record headers: practical fo… Aaron Zauner
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Encrypting record headers: practical fo… John Mattsson
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
[TLS] Fully encrypted and authenticated headers (… Bryan A Ford
Re: [TLS] Fully encrypted and authenticated heade… Dmitry Belyavsky
Re: [TLS] Fully encrypted and authenticated heade… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Fabrice Gautier
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Fully encrypted and authenticated heade… Martin Thomson
Re: [TLS] Fully encrypted and authenticated heade… Viktor Dukhovni
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Fully encrypted and authenticated heade… Dmitry Belyavsky
Re: [TLS] Fully encrypted and authenticated heade… Bryan Ford
Re: [TLS] Fully encrypted and authenticated heade… Bryan Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan Ford
Re: [TLS] Encrypting record headers: practical fo… GUBALLA, JENS (JENS)
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Hubert Kario
Re: [TLS] Encrypting record headers: practical fo… Yoav Nir
Re: [TLS] Encrypting record headers: practical fo… Eric Rescorla
Re: [TLS] Fully encrypted and authenticated heade… Eric Rescorla
Re: [TLS] Encrypting record headers: practical fo… Mike Copley
Re: [TLS] Fully encrypted and authenticated heade… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Fully encrypted and authenticated heade… Watson Ladd
Re: [TLS] Encrypting record headers: practical fo… Salz, Rich
Re: [TLS] Encrypting record headers: practical fo… Martin Rex
Re: [TLS] Encrypting record headers: practical fo… Stephen Farrell
Re: [TLS] Fully encrypted and authenticated heade… Eric Rescorla
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Salz, Rich
Re: [TLS] Encrypting record headers: practical fo… Eric Rescorla
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Salz, Rich
Re: [TLS] Encrypting record headers: practical fo… Martin Rex
Re: [TLS] Encrypting record headers: practical fo… Ilari Liusvaara
Re: [TLS] Encrypting record headers: practical fo… Fabrice Gautier
Re: [TLS] Encrypting record headers: practical fo… Dave Garrett
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Salz, Rich
Re: [TLS] Encrypting record headers: practical fo… Eric Mill
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Martin Thomson
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Viktor Dukhovni
Re: [TLS] Fully encrypted and authenticated heade… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Encrypting record headers: practical fo… Bryan A Ford
Re: [TLS] Fully encrypted and authenticated heade… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Aaron Zauner
Re: [TLS] Encrypting record headers: practical fo… Salz, Rich
Re: [TLS] Encrypting record headers: practical fo… Aaron Zauner
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Fully encrypted and authenticated heade… Watson Ladd
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Fully encrypted and authenticated heade… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Aaron Zauner
Re: [TLS] Encrypting record headers: practical fo… Aaron Zauner
Re: [TLS] Encrypting record headers: practical fo… Martin Rex
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum
Re: [TLS] Fully encrypted and authenticated heade… Valery Smyslov
Re: [TLS] Fully encrypted and authenticated heade… Bryan Ford
Re: [TLS] Encrypting record headers: practical fo… GUBALLA, JENS (JENS)
Re: [TLS] Fully encrypted and authenticated heade… Valery Smyslov
Re: [TLS] Fully encrypted and authenticated heade… Jacob Appelbaum
Re: [TLS] Fully encrypted and authenticated heade… Jeff Burdges
Re: [TLS] Encrypting record headers: practical fo… Peter Gutmann
Re: [TLS] Encrypting record headers: practical fo… Jacob Appelbaum