Re: [TLS] Resolution AEAD Cipher length and padding

Alfredo Pironti <alfredo@pironti.eu> Mon, 21 July 2014 15:03 UTC


Thanks for the clarification. I'm fine with the proposed change.


On Mon, Jul 21, 2014 at 4:59 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Mon, Jul 21, 2014 at 7:54 AM, Alfredo Pironti <alfredo@pironti.eu>
> wrote:
>
>> It's not clear to me what this resolution is about; could you please
>> elaborate (or give pointers)?
>> Is this about AEAD ciphers built on top of block-encrypt then mac? To
>> some extent, current GCM and CCM ciphers are already expanding the cipher
>> text length by the tag length, so I must be missing the point here. Thanks.
>>
>
> If you have a cipher mode (as you say, CBC is an example) which expands the
> plaintext by a non-deterministic amount (specifically an amount which can't
> be determined by the receiver prior to decryption) then it doesn't work to
> have the length be part of additional data.
>
> See:
> https://github.com/tlswg/tls13-spec/issues/67
>
> -Ekr
>
>
>>
>> Best,
>> Alfredo
>>
>>
>> On Mon, Jul 21, 2014 at 4:41 PM, Joseph Salowey (jsalowey) <
>> jsalowey@cisco.com> wrote:
>>
>>> At the interim meeting we decided to fix the specification of AEAD to
>>> support ciphers that pad and expand the cipher text length.  Please respond
>>> to this message by Friday, July 25 if you have an objection.
>>>
>>> Thanks,
>>>
>>> Joe
>>> [for the chairs]
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>>
>>
>>
>>
>>
>
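
Added example, not part of the thread or of any TLS implementation: a toy stdlib-only AEAD (HMAC-SHA256 keystream and tag, constructed for this demo) that reproduces the point Ekr makes in the quoted reply, using the TLS 1.2 additional-data layout. The function names, the `bind` parameter and the sample record are assumptions; binding the ciphertext length is shown only as a receiver-computable contrast, not as the change tracked in the linked issue.

```python
import hashlib, hmac, struct

TAG_LEN = 32  # HMAC-SHA256 tag

def additional_data(seq, ctype, version, length):
    # TLS 1.2 AEAD layout: seq_num || type || version || length (13 bytes)
    return struct.pack("!QBHH", seq, ctype, version, length)

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); constructed for this demo only.
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def _tag(key, ad, ct):
    return hmac.new(key, b"mac" + ad + ct, hashlib.sha256).digest()

def seal(key, nonce, hdr, plaintext, pad=None, bind="plaintext"):
    """hdr = (seq, type, version). pad=None: fixed expansion; pad=n: n+1 padding bytes."""
    body = plaintext if pad is None else plaintext + bytes([pad]) * (pad + 1)
    ct = _xor(body, key, nonce)
    length = len(plaintext) if bind == "plaintext" else len(ct)
    return ct + _tag(key, additional_data(*hdr, length), ct)

def open_record(key, nonce, hdr, record, padded):
    """Receiver: must build the additional data BEFORE it may decrypt anything."""
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    # The only length known at this point is the one derived from the record size.
    ad = additional_data(*hdr, len(ct))
    if not hmac.compare_digest(tag, _tag(key, ad, ct)):
        return None  # authentication failure
    body = _xor(ct, key, nonce)
    return body[:-(body[-1] + 1)] if padded else body

def demo():
    key, nonce, hdr = b"k" * 32, b"n" * 12, (1, 23, 0x0303)  # constructed sample values
    msg = b"GET / HTTP/1.1"
    # Fixed expansion: record size minus tag equals the plaintext length, AD matches.
    fixed = open_record(key, nonce, hdr, seal(key, nonce, hdr, msg), padded=False)
    # Honest padded record, plaintext length bound: receiver cannot rebuild the AD.
    padded_pt = open_record(key, nonce, hdr, seal(key, nonce, hdr, msg, pad=5), padded=True)
    # Same padding, but a receiver-visible length is bound instead.
    padded_ct = open_record(key, nonce, hdr,
                            seal(key, nonce, hdr, msg, pad=5, bind="ciphertext"), padded=True)
    return fixed, padded_pt, padded_ct
```

`demo()` returns the plaintext for the fixed-expansion record, `None` for the untampered padded record whose additional data carries the plaintext length, and the plaintext again once the bound length is one the receiver can compute before decryption.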