Re: [TLS] Choice of Additional Data Computation

Felix Günther <mail@felixguenther.info> Sat, 16 May 2020 09:53 UTC

References: <AM0PR08MB371694E826FA10D25F2BA53EFAD00@AM0PR08MB3716.eurprd08.prod.outlook.com> <93042b37-37e1-5b6a-3578-a750054d0507@gmx.net> <AM0PR08MB3716541F4825F8D43DC3D308FAD00@AM0PR08MB3716.eurprd08.prod.outlook.com> <CACLV2m4-Qcx-xKWP201VCY73HVyjCzHVCb6PrntnBWhA8fBQYg@mail.gmail.com> <a18b8223-ca9e-4a06-97fc-448865023376@www.fastmail.com> <6b074b76-2977-fbc1-99d7-f9acb79466e3@felixguenther.info> <CABcZeBNzGr+R5BivpyBXRnO8y+Hnr2RTWeyifw9gFZrgG1C8ZQ@mail.gmail.com>
From: Felix Günther <mail@felixguenther.info>
To: tls@ietf.org
Message-ID: <61cb07cb-9a9d-f3d4-c466-343cdae386ed@felixguenther.info>
Date: Sat, 16 May 2020 11:53:35 +0200
In-Reply-To: <CABcZeBNzGr+R5BivpyBXRnO8y+Hnr2RTWeyifw9gFZrgG1C8ZQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YE1uAmPFL_59E-5h9fHn0sLE_B0>
Subject: Re: [TLS] Choice of Additional Data Computation
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi,

On 2020-05-15 22:04 +0200, Eric Rescorla <ekr@rtfm.com> wrote:
> Actually, the full epoch is included in the overall sequence number and
> hence used to generate the nonce.
> 
> https://tools.ietf.org/html/draft-ietf-tls-dtls13-37#section-4
> 
> Does that help?

Sorry, I forgot about reading this difference in how the record sequence
number is constructed in DTLS (vs. TLS, and also QUIC). Yes, this should
effectively separate the nonce spaces between the different epochs /
epoch keys, and implicitly authenticate the epoch through the nonce.

Cheers,
Felix
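
The nonce-space separation discussed in this message, as an added example that is not part of the original thread or of any DTLS implementation. It assumes a 16-bit epoch concatenated with a 48-bit sequence number to form the 64-bit record sequence number, the TLS 1.3 nonce construction (left-pad to the IV length, XOR with the write IV), and a constructed IV that is deliberately reused across epochs to isolate the effect of the epoch on the nonce.

```python
IV_LEN = 12  # nonce length of the TLS 1.3 AEAD cipher suites

# Constructed sample IV, held fixed across epochs only to isolate the nonce effect.
CONSTRUCTED_IV = bytes.fromhex("000102030405060708090a0b")


def dtls_record_seq(epoch: int, seq: int) -> int:
    """64-bit record sequence number: epoch || sequence number (assumed 16/48 split)."""
    if not 0 <= epoch < 1 << 16:
        raise ValueError("epoch must fit in 16 bits")
    if not 0 <= seq < 1 << 48:
        raise ValueError("sequence number must fit in 48 bits")
    return (epoch << 48) | seq


def per_record_nonce(write_iv: bytes, record_seq: int) -> bytes:
    """Left-pad the 64-bit value to the IV length and XOR it with the write IV."""
    if len(write_iv) != IV_LEN:
        raise ValueError("write IV must be %d bytes" % IV_LEN)
    padded = record_seq.to_bytes(IV_LEN, "big")
    return bytes(a ^ b for a, b in zip(write_iv, padded))


def nonce_with_epoch(write_iv: bytes, epoch: int, seq: int) -> bytes:
    """DTLS-style: the full epoch is part of the value fed into the nonce."""
    return per_record_nonce(write_iv, dtls_record_seq(epoch, seq))


def nonce_without_epoch(write_iv: bytes, epoch: int, seq: int) -> bytes:
    """TLS-style: only the per-key counter enters the nonce; the epoch is ignored."""
    return per_record_nonce(write_iv, seq)


def distinct_nonces(nonce_fn, write_iv: bytes, records) -> int:
    """Count distinct nonces produced for a list of (epoch, seq) records."""
    return len({nonce_fn(write_iv, epoch, seq) for epoch, seq in records})


if __name__ == "__main__":
    # Constructed records: 4 epochs, each restarting its sequence numbers at 0.
    records = [(epoch, seq) for epoch in range(4) for seq in range(3)]
    print("with epoch:   ", distinct_nonces(nonce_with_epoch, CONSTRUCTED_IV, records))
    print("without epoch:", distinct_nonces(nonce_without_epoch, CONSTRUCTED_IV, records))
```

With the epoch in the nonce, a receiver that attributes a record to the wrong epoch derives a different nonce, so AEAD verification fails even if the epoch is not covered in full by the additional data.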