Re: [TLS] Integrity bounds in DTLS

Thomas Fossati <Thomas.Fossati@arm.com> Tue, 19 May 2020 10:50 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 19 May 2020 10:50:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Sj02HjU_KuffUo7q-fNmPfG2sQU>
Subject: Re: [TLS] Integrity bounds in DTLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On 18/05/2020, 01:47, "Martin Thomson" <mt@lowentropy.net> wrote:
> The question is whether it is clear that these limits apply to the use
> of AEADs in TLS more generally.  I think that is clear enough, but I
> doubt that people will pay any mind unless they are implementing TLS
> 1.3.

Yes, that's exactly my original point.  I'd like to maximise the chance
that the message doesn't get ignored: we have 1.2 deployments around
that are not likely to be forklifted to 1.3 soon, and we will have to
make them aware of the risk nonetheless.

> The problem with TLS 1.2 is that there is no option for key updates,
> unless you count renegotiation, which is often disabled.  When I added
> limits to NSS, all I could reliably do was make the connection
> terminate if the limit was hit (which is why the limits used are
> larger than advised in the spec).

Sure, protocol version as well as stack-specific reactions will differ.

I guess my question is whether, to maximise coverage/visibility, it
makes sense to state the general problem together with version-specific
behaviours in a separate doc?
