IETF Logo Mail Archive

[TLS] Comments on nonce construction and cipher text size restriction.

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Tue, 24 May 2016 15:20 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35B9312D8BE for <tls@ietfa.amsl.com>; Tue, 24 May 2016 08:20:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c0R5i22Wj9I7 for <tls@ietfa.amsl.com>; Tue, 24 May 2016 08:20:20 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0097.outbound.protection.outlook.com [23.103.201.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F325012D8B4 for <tls@ietf.org>; Tue, 24 May 2016 08:20:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=4rPpe76OhIcJpAvcht6ShoIzeJwn1NqiXCOmkgwCG+o=; b=IlWnXJkeSYdQ0GQk4AmOakGq95C1OxL1dPEkVOsjkC5Q2uNnO8S/pp+LW2piJ33q7uxllhfA4zpj5jPjITiIK3M4al+mtHILfUQ9uy4BT4lCCMcKRdgoueNH2mW6kFchLtcjmOaGYjaJpWqKHxZhQPWOSywN2Cbd00hN/IM/+2Y=
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB123.namprd09.prod.outlook.com (10.255.200.25) with Microsoft SMTP Server (TLS) id 15.1.501.7; Tue, 24 May 2016 15:20:18 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0501.012; Tue, 24 May 2016 15:20:18 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Comments on nonce construction and cipher text size restriction.
Thread-Index: AQHRtc/HWUjUunA/c0agQBPElmd3kA==
Date: Tue, 24 May 2016 15:20:17 +0000
Message-ID: <D369E95C.267A5%qdang@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=nist.gov;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [129.6.109.185]
x-ms-office365-filtering-correlation-id: 53a68397-2c9e-4b4b-93c8-08d383e6ea3e
x-microsoft-exchange-diagnostics: 1; BN1PR09MB123; 5:AQzxylsnMVIM+9LBrefMe2WkkAECgfBrlOOnlOcSmXJMDloVbGieQ3+fTFteSDnmPVmZvzSlAjxHV2sP9+oTaTFF42Y6pKl1tijilNQicwt37EU5XQSjUufkeIqPsm7tqn68NfF2eYhEbfmFf6v/lw==; 24:K2DR3tH8VPx0PGybWGfeaceUqVl4rDFoeQj4Pd2E1G0LlABOMkbTLQz4k+3Wd3TBRHYXeBBxSjXlhJgfx/SaqrEOz/s/FsyFJHY+zDVBMiY=; 7:EhF3fhWH8I6/8RsIzoGozQPM0DmVc/LJ6N5CERx/kppN0HcQr4TflG5YukBy+g7SYx5SU2sYlGY7eB/9VYI3IZwcVwMuBuiXekS9M+RV6pTI9na8obedUB3DB+ieRsLpj5azD0ShPY7cSetXVbouAPJ4lIDZoUfLohcuOVPoqyEg4oBuCtDk+CQAaSQQLVnC
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB123;
x-microsoft-antispam-prvs: <BN1PR09MB1235B95C81029AD5EE93299F34F0@BN1PR09MB123.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:BN1PR09MB123; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB123;
x-forefront-prvs: 09525C61DB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(83506001)(102836003)(6116002)(10400500002)(2900100001)(3280700002)(5001770100001)(3660700001)(3846002)(5002640100001)(5004730100002)(586003)(8676002)(107886002)(122556002)(189998001)(54356999)(229853001)(2906002)(4001350100001)(5008740100001)(92566002)(1220700001)(8936002)(11100500001)(81166006)(36756003)(106116001)(99286002)(2501003)(77096005)(86362001)(16236675004)(87936001)(50986999)(66066001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB123; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_D369E95C267A5qdangnistgov_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 May 2016 15:20:17.8651 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB123
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/V9MbTv63wf-4nVhbtD2VFD75eM0>
Subject: [TLS] Comments on nonce construction and cipher text size restriction.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2016 15:20:27 -0000

Hi Eric,

1. For this text:  "plus the length of the output of the signing algorithm. " in the last paragraph of Section 4.8.1, did you mean "plus the output of the signing algorithm." ?

2. "The length (in bytes) of the following TLSCiphertext.fragment. The length MUST NOT exceed 2^14 + 256. An endpoint that receives a record that exceeds this length MUST generate a fatal "record_overflow" alert. " . There could be a cipher that generates ciphertext longer than plaintext in some cases plus the tag. If the tag was 256 bits, then this requirement would disallow that cipher unnecessarily when a record size is 2^14.

3. "The padded sequence number is XORed with the static client_write_iv or server_write_iv, depending on the role." I think the ivs are not needed.



4. The current way nonce is specified would disallow ciphers that use any other ways of generating the nonce such as random nonces.



Regards,

Quynh.

v2.23.0 | Report a Bug | By Email