Re: [TLS] Resolution AEAD Cipher length and padding

"Joseph Salowey (jsalowey)" Mon, 21 July 2014 15:11 UTC

On Jul 21, 2014, at 7:54 AM, Alfredo Pironti wrote:

It's not clear to me what this resolution is about; could you please elaborate (or give pointers)?
Is this about AEAD ciphers built on top of block-encrypt then mac? To some extent, current GCM and CCM ciphers are already expanding the cipher text length by the tag length, so I must be missing the point here. Thanks.

[Joe] To clarify: current AEAD cipher modes (GCM, CCM) do not expand the cipher text through padding; their cipher text length is the same as the clear text length. With the current construction you cannot support an AEAD mode built out of an AES-CBC cipher because the cipher text length would not be the same as the clear text length. This resolution would change the construction to support AEAD ciphers that perform padding.


On Mon, Jul 21, 2014 at 4:41 PM, Joseph Salowey (jsalowey) wrote:
At the interim meeting we decided to fix the specification of AEAD to support ciphers that pad and expand the cipher text length.  Please respond to this message by Friday, July 25 if you have an objection.


[for the chairs]