Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?

Alexandre Anzala-Yamajako <anzalaya@gmail.com> Wed, 16 March 2016 16:59 UTC

Return-Path: <anzalaya@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE50612D52E for <tls@ietfa.amsl.com>; Wed, 16 Mar 2016 09:59:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a1e_C78_gB8q for <tls@ietfa.amsl.com>; Wed, 16 Mar 2016 09:59:32 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D82112D513 for <tls@ietf.org>; Wed, 16 Mar 2016 09:59:32 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id l68so196680254wml.0 for <tls@ietf.org>; Wed, 16 Mar 2016 09:59:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IysNwp1LbeExvVNdoAqSq0ID03Cg5EJP5g/2wzP+C7U=; b=lU3utKJuRlV6ZpzOcUD2t/+mtmRPLTD2PO4pHe8Nsvgn1wPYKOAhp1pmdkg2OdaJJZ feehoL4SgEplESFVkbyHHEUutjP4vlajzWQ7gH0U1zuAxTLtYuxJE/np8spCCgoTNJIP yyhgU9mHTygz89XX1jbyFmhmmQa/e81oUKLKAUqsISjGpNVkHh8AyPkicgRFzt7xIgjH EbmCh0W39hYL/0Pb9qGwRksQMzCeLIf6yqAyEYQ+/Vr7EiBHBq6Xs9B4eNGTbpQBl2Tv LBw+UZjJURAR883Xj6937HAncYCfqHTl0KVr7BKr60/uPq4RrDQJXa0lomdfoiWh9/WU JUIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IysNwp1LbeExvVNdoAqSq0ID03Cg5EJP5g/2wzP+C7U=; b=C7UtYFZptc+joMMb6ahI2dmbvzXWF2g4e4ynWrwxRbZO4/pEt61ipJla+rymxAghc2 CXMgCfL7UIxLd5VJ1z8S9soEn0d4t438HngPQyIwPwTnULzd/w6cKGK55jCKqZqXpGtK kabQhEbDfs5AgN+sdOcL6GHCLxkehVCRq5kfZmHz+uavBqIgR4lTLXK8PHL1gidOuR4G T8EG17nzFeBCCiP9Q1m8DFXYb4fXubvyvarXQbDGn8Q7hDkhXjHZqcMH7xndv4urmLav 0dkYzwSWXV/ilNQArN4YXKie0DTKiO9C9adDbtfL4/5//b/Gw0pNyKxEyIScALSUi45p YSIQ==
X-Gm-Message-State: AD7BkJJVh6zUg0ffS+dmgOzvVm6qfZpuf8V5UHUjy1tyqvZ69yc8XaswwsrMNsMxtcI0VYey3eSuqKVtMRCoiw==
X-Received: by 10.28.88.15 with SMTP id m15mr29882287wmb.60.1458147570592; Wed, 16 Mar 2016 09:59:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.28.140 with HTTP; Wed, 16 Mar 2016 09:58:51 -0700 (PDT)
In-Reply-To: <CA+cU71mRGgRqFvT85ascQ6FmSuubNSifVLpw131GHBO5qf2M7g@mail.gmail.com>
References: <CAAF6GDekw3stfYGd1q+Zzde--g5M0h9ZTWrVLVJxEwp+frQTHQ@mail.gmail.com> <CA+cU71mRGgRqFvT85ascQ6FmSuubNSifVLpw131GHBO5qf2M7g@mail.gmail.com>
From: Alexandre Anzala-Yamajako <anzalaya@gmail.com>
Date: Wed, 16 Mar 2016 17:58:51 +0100
Message-ID: <CAHE9jN2pMFocMwFFocFApRh2eb2PUrdYOP5ibzr7yYhtQVoa-A@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>
Content-Type: multipart/alternative; boundary=001a1144294cf9b183052e2d6f62
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WyID52Bmz8BbNPTU9uzA-rt9-aI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 16:59:34 -0000

IMO, the layer creating the plaintext shouldn't have to pad it for security
that's the job of the TLS layer.
the TLS library should be parameterized by a size range and any plaintext
larger than the range would get chunked up to smaller pieces while anything
smaller would be padded.
The actual value of the range could then be left to be chosen by the caller
since this has an impact not only in security but also in performance.
IIRC this how things are done in MiTLS (https://mitls.org/)


-- 
Alexandre Anzala-Yamajako