IETF Logo Mail Archive

Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Sat, 25 February 2017 14:28 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E0AA129FF6 for <tls@ietfa.amsl.com>; Sat, 25 Feb 2017 06:28:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_iq1RqJpXZH for <tls@ietfa.amsl.com>; Sat, 25 Feb 2017 06:28:43 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0139.outbound.protection.outlook.com [23.103.201.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15892129FE1 for <tls@ietf.org>; Sat, 25 Feb 2017 06:28:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Od3Ef4DCLz8hNSHvVNx4JVtf0Mky28hWGoN9Y+UJaF0=; b=0euVVzJtewUt/61bEEikJmV8WCKJ2Oa0ELUIbJVpXQhm7dSBC0wapO/IC6WmZNUBAq7d1oh1a77edOWvSwmM9nn3avLVnnuG0r4DXOcaANKPRkl9hx1R0SBf4o/u3ZsSnwmt4nbs27mJ1nzmaFPJD4Q4kgirxQ5nxL0rRG0FNDA=
Received: from CY4PR09MB1464.namprd09.prod.outlook.com (10.173.191.22) by CY4PR09MB1464.namprd09.prod.outlook.com (10.173.191.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.919.13; Sat, 25 Feb 2017 14:28:40 +0000
Received: from CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) by CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) with mapi id 15.01.0919.020; Sat, 25 Feb 2017 14:28:40 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
Thread-Index: AQHSj3N1z8IXvDyfJEuMUkRo/k0w1A==
Date: Sat, 25 Feb 2017 14:28:40 +0000
Message-ID: <CY4PR09MB1464243342F19FCBE48C37E7F3550@CY4PR09MB1464.namprd09.prod.outlook.com>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com>
In-Reply-To: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [129.6.222.69]
x-ms-office365-filtering-correlation-id: f4717a3b-d5fa-4dc8-7c92-08d45d8a9830
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR09MB1464;
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1464; 7:aFdcPV0BTTlXJbSHfbMQU4d5FIcE57SmcmMXLypSaAfsDrXI2ss3tQGU4ehsxoiTtYPluFI9XNxIqqRWYlLo6hYl41Jw+JXst0MhQFbHAP5se+UJmUAWXQMp8y2qjZQpGuWJb3eXlDpJxYEziF3lKUwTabUsHoKYu5itf5FtA7y04OlyJXvr0mlOSqVdsd1qAjcAenEcqxmPM2g/yhD5sjEe+die/s/P9su4gXFMUc42cgHzFIQcSp6x+4UAOkGoezL0s9hWzVyio4/Wdi7DiOL/gQERAOqlPHlcfAItiiZFQGCAFFGAJ0CuaAGVLQJ9fDgHraDrJkasNdTOUewFbA==
x-microsoft-antispam-prvs: <CY4PR09MB14649679EF771591928AD5FEF3550@CY4PR09MB1464.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(166708455590820)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123562025)(20161123564025)(20161123558025)(20161123555025)(6072148); SRVR:CY4PR09MB1464; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1464;
x-forefront-prvs: 02296943FF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39850400002)(39410400002)(39450400003)(39840400002)(39860400002)(189002)(199003)(377454003)(102836003)(5660300001)(3846002)(2950100002)(6116002)(81166006)(6436002)(6506006)(53936002)(19627405001)(7906003)(7696004)(74316002)(7736002)(229853002)(68736007)(2900100001)(8676002)(81156014)(8936002)(86362001)(97736004)(92566002)(54356999)(76176999)(50986999)(55016002)(99286003)(77096006)(38730400002)(105586002)(106116001)(53546006)(101416001)(106356001)(122556002)(6246003)(3280700002)(6606003)(606005)(4326007)(66066001)(2906002)(25786008)(189998001)(33656002)(3660700001)(236005)(9686003)(54896002)(6306002)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1464; H:CY4PR09MB1464.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB1464243342F19FCBE48C37E7F3550CY4PR09MB1464namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2017 14:28:40.3925 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1464
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Sih8S_pdQaaQ58YSwZb24di4vNk>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 14:28:50 -0000

Hi Sean, Joe, Eric and all,


I would like to address my thoughts/suggestions on 2 issues in option a.


1) The data limit should be addressed in term of blocks, not records. When the record size is not the full size, some user might not know what to do. When the record size is 1 block, the limit of 2^24.5 blocks (records) is way too low unnecessarily for the margin of 2^-60.  In that case, 2^34.5 1-block records is the limit which still achieves the margin of 2^-60.


2) To achieve the margin of 2^-57 as the current text says, the limit number should be 2^36 blocks.


Regards,

Quynh.


________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Sean Turner <sean@sn3rd.com>
Sent: Friday, February 10, 2017 12:07 AM
To: <tls@ietf.org>
Cc: IRTF CFRG
Subject: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

All,

We’ve got two outstanding PRs that propose changes to draft-ietf-tls-tls13 Section 5.5 “Limits on Key Usage”.  As it relates to rekeying, these limits have been discussed a couple of times and we need to resolve once and for all whether the TLS WG wants to:

a) Close these two PRs and go with the existing text [0]
b) Adopt PR#765 [1]
c) Adopt PR#769 [2]

Please indicate you preference to the TLS mailing list before Feb 17.  Note that unless there’s clear consensus to change the text will remain as is (i.e., option a).

J&S

[0] https://tlswg.github.io/tls13-spec/#rfc.section.5.5
[1] https://github.com/tlswg/tls13-spec/pull/765
[2] https://github.com/tlswg/tls13-spec/pull/769
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email