Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769).

That is not how HTTP works. Lots of records are small because they result
from small writes.

On Mar 1, 2017 6:48 AM, "Dang, Quynh (Fed)" <quynh.dang@nist.gov> wrote:

>
>
> From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
> Date: Wednesday, March 1, 2017 at 9:38 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>, Aaron Zauner <azet@azet.org>
> Cc: IRTF CFRG <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
> Subject: Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
> Hi,
>
> On 01/03/2017 14:31, "TLS on behalf of Dang, Quynh (Fed)"
> <tls-bounces@ietf.org on behalf of quynh.dang@nist.gov> wrote:
>
> From: Aaron Zauner <azet@azet.org>
> Date: Wednesday, March 1, 2017 at 9:24 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>
> Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, IRTF
> CFRG <cfrg@irtf.org>
> Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
>
>
>
>
> On 01 Mar 2017, at 13:18, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> From: Aaron Zauner <azet@azet.org>
> Date: Wednesday, March 1, 2017 at 8:11 AM
> To: 'Quynh' <Quynh.Dang@nist.gov>
> Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>, IRTF
> CFRG <cfrg@irtf.org>
> Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs
> (#765/#769).
>
> On 25 Feb 2017, at 14:28, Dang, Quynh (Fed) <quynh.dang@nist.gov>
> wrote:
> Hi Sean, Joe, Eric and all,
> I would like to address my thoughts/suggestions on 2 issues in option
> a.
> 1) The data limit should be addressed in term of blocks, not records.
> When the record size is not the full size, some user might not know
> what to do. When the record size is 1 block, the limit of 2^24.5
> blocks (records) is way too low unnecessarily for
> the margin of 2^-60.  In that case, 2^34.5 1-block records is the
> limit which still achieves the margin of 2^-60.
>
> I respectfully disagree. TLS deals in records not in blocks, so in the
> end any semantic change here will just confuse implementors, which
> isn't a good idea in my opinion.
>
> Over the discussion of the PRs, the preference was blocks.
>
>
>
> I don't see a clear preference. I see Brian Smith suggested switching to
> blocks to be more precise in a PR. But in general it seems to me that
> "Option A" was preferred in this thread anyhow - so these PRs aren't
> relevant? I'm not sure that text on key-usage
> limits in blocks in a spec that fundamentally deals in records is less
> confusing, quite the opposite (at least to me). As I pointed out
> earlier: I strongly recommend that any changes to the spec are as clear
> als possible to engineers (non-crypto/math people)
> -- e.g. why the spec is suddenly dealing in blocks instead of records
> et cetera. Again; I really don't see any reason to change text here - to
> me all suggested changes are even more confusing.
>
>
>
>
> Hi Aaron,
>
>
> The  technical reasons I explained are reasons for using records. I don’t
> see how that is confusing.
>
>
> If you like records, then the record number = the total blocks / the
> record size in blocks: this is simplest already.
>
>
> That formula does not correctly compute how many records have been sent on
> a connection, because the record size in blocks is variable, not constant.
> You can modify it to get bounds on the total number of records sent, but
> the bounds are sloppy because some records only consume 2 blocks (one for
> encryption, one for masking in GHASH) while some consume far more.
>
> It's simpler for an implementation to count how many records have been
> sent on a connection .... by using the connection's sequence number. This
> puts less burden on the implementation/implementer.
>
>
> I think the record size is configurable and it does not change regularly
> in the same session (or connection).  Somebody corrects me here!
>
> Quynh.
>
>
>
> Cheers
>
> Kenny
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>