[TLS] Comments on nonce construction and cipher text size restriction.
"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Tue, 24 May 2016 15:20 UTC
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/V9MbTv63wf-4nVhbtD2VFD75eM0>
Hi Eric,

1. For this text: "plus the length of the output of the signing algorithm." in the last paragraph of Section 4.8.1, did you mean "plus the output of the signing algorithm."?

2. "The length (in bytes) of the following TLSCiphertext.fragment. The length MUST NOT exceed 2^14 + 256. An endpoint that receives a record that exceeds this length MUST generate a fatal "record_overflow" alert." There could be a cipher that generates ciphertext longer than plaintext in some cases plus the tag. If the tag was 256 bits, then this requirement would disallow that cipher unnecessarily when a record size is 2^14.

3. "The padded sequence number is XORed with the static client_write_iv or server_write_iv, depending on the role." I think the IVs are not needed.

4. The current way the nonce is specified would disallow ciphers that use any other ways of generating the nonce, such as random nonces.

Regards,
Quynh.
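The nonce construction and the record-length ceiling discussed in points 2 and 3 above, as an added Python example (not from the draft or any TLS implementation); the write IV is a constructed sample value and the tag sizes are illustrative:

```python
"""TLS 1.3 per-record nonce construction and the TLSCiphertext length
ceiling quoted in the message. Added example; not draft text or code
from any TLS stack. The write IV below is a constructed sample value."""

IV_LENGTH = 12                      # iv_length for AES-GCM and ChaCha20-Poly1305
MAX_CIPHERTEXT_LEN = 2**14 + 256    # ceiling quoted in point 2
MAX_SEQUENCE = 2**64 - 1            # 64-bit record sequence number


class RecordOverflow(Exception):
    """Raised where the draft requires a fatal record_overflow alert."""


def per_record_nonce(seq: int, write_iv: bytes) -> bytes:
    """Left-pad the 64-bit sequence number with zeros to iv_length bytes,
    then XOR it with the static client_write_iv / server_write_iv."""
    if not 0 <= seq <= MAX_SEQUENCE:
        raise ValueError("sequence number out of range; rekey before wrap")
    if len(write_iv) != IV_LENGTH:
        raise ValueError("write_iv must be iv_length bytes")
    padded = seq.to_bytes(IV_LENGTH, "big")   # leading bytes are zero
    return bytes(p ^ i for p, i in zip(padded, write_iv))


def check_ciphertext_length(length: int) -> int:
    """Receiver-side check from point 2: reject fragments over 2^14 + 256."""
    if length > MAX_CIPHERTEXT_LEN:
        raise RecordOverflow(f"fragment of {length} bytes exceeds 2^14 + 256")
    return length


def ciphertext_fits(plaintext_len: int, expansion: int) -> bool:
    """Does a cipher that expands plaintext by `expansion` bytes (tag plus
    any extra growth) stay under the ceiling for this record size?"""
    return plaintext_len + expansion <= MAX_CIPHERTEXT_LEN


def nonces_are_unique(write_iv: bytes, count: int) -> bool:
    """XOR with a fixed IV is a bijection on the padded counter, so distinct
    sequence numbers give distinct nonces; verify that for the first `count`."""
    seen = {per_record_nonce(s, write_iv) for s in range(count)}
    return len(seen) == count


if __name__ == "__main__":
    client_iv = bytes.fromhex("0123456789abcdef01234567")  # constructed
    print(per_record_nonce(0, client_iv).hex())  # equals the IV itself
    print(per_record_nonce(1, client_iv).hex())
    print(ciphertext_fits(2**14, 32), ciphertext_fits(2**14, 300))
```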