Re: [TLS] Consensus call on Implicit IV for AEAD

Yoav Nir <ynir.ietf@gmail.com> Sat, 18 April 2015 04:10 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAOgPGoCW-znnh5VFobCFjZafxEOcwsaHZ_eByTwpCpmqfgX=6Q@mail.gmail.com>
Date: Sat, 18 Apr 2015 07:10:36 +0300
Message-Id: <29B76887-46EE-4AA1-9BD9-FB322D63C92D@gmail.com>
References: <CAOgPGoCW-znnh5VFobCFjZafxEOcwsaHZ_eByTwpCpmqfgX=6Q@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VpOLnmL8Ky6KchcUyUk2HtX4UBU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Consensus call on Implicit IV for AEAD

Hi

Making AEAD implicit on the record works for me. As far as using all zeros for the salt, it doesn’t make a lot of difference for ChaCha20-Poly1305, but it might make some for AES-GCM. Here’s a link to a post on the ipsec list that explains it better than I can:

http://www.ietf.org/mail-archive/web/ipsec/current/msg09751.html

Yoav

> On Apr 3, 2015, at 11:34 PM, Joseph Salowey <joe@salowey.net> wrote:
> 
> In the interim meeting we had consensus to use an implicit IV for AEAD. The proposal was to use the record sequence number and pad with zeros as described in pull request 155 (https://github.com/tlswg/tls13-spec/pull/155/files). This was also discussed in the IETF-92 meeting in Dallas along with options to change the offset. The consensus was to stay with the original proposal. We are posting to the mailing list to confirm this consensus. If you have comments, please reply by April 17, 2015.
> 
> Thanks,
> 
> S&J
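
The nonce construction discussed in this thread, as an added Python example (not code from the message or from pull request 155): the record sequence number padded with zeros, next to the same construction with a non-zero salt. It assumes a 12-byte nonce laid out as a 4-byte salt followed by the 64-bit sequence number; the class and function names and the salt values are constructed for illustration.

```python
import struct

NONCE_LEN = 12       # assumed AEAD nonce size (AES-GCM, ChaCha20-Poly1305)
SALT_LEN = 4         # assumed: nonce bytes not covered by the 64-bit counter
MAX_SEQ = 2**64 - 1  # largest value a 64-bit record sequence number can take


class ImplicitNonce:
    """Per-direction nonce source: salt || 64-bit record sequence number.

    Nothing is sent on the wire; sender and receiver each keep their own
    counter. The default all-zero salt is the "pad with zeros" variant.
    """

    def __init__(self, salt=bytes(SALT_LEN)):
        if len(salt) != SALT_LEN:
            raise ValueError("salt must be %d bytes" % SALT_LEN)
        self.salt = salt
        self.seq = 0

    def take(self):
        # A wrapped counter would repeat a nonce under the same key,
        # so refuse to continue instead of wrapping.
        if self.seq > MAX_SEQ:
            raise OverflowError("sequence number exhausted; rekey first")
        nonce = self.salt + struct.pack(">Q", self.seq)
        self.seq += 1
        return nonce


def shared_nonces(conn_a, conn_b, records):
    """Count nonce values that appear on both connections."""
    a = {conn_a.take() for _ in range(records)}
    b = {conn_b.take() for _ in range(records)}
    return len(a & b)


def demo():
    # Zero salt: record n uses the same nonce on every connection,
    # so only the key separates one connection from another.
    zero = shared_nonces(ImplicitNonce(), ImplicitNonce(), 1000)
    # Constructed per-connection salts: the nonce sets are disjoint.
    salted = shared_nonces(ImplicitNonce(b"\x01\x02\x03\x04"),
                           ImplicitNonce(b"\xa0\xb0\xc0\xd0"), 1000)
    return zero, salted


if __name__ == "__main__":
    print(demo())
```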