Re: [TLS] Late DLS 1.3 issue
Christopher Wood <caw@heapingbits.net> Thu, 14 October 2021 22:53 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F2893A1825 for <tls@ietfa.amsl.com>; Thu, 14 Oct 2021 15:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=SLwb8oAE; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=id4BD3sM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00T9K5d6PYqb for <tls@ietfa.amsl.com>; Thu, 14 Oct 2021 15:53:37 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE3E3A1176 for <tls@ietf.org>; Thu, 14 Oct 2021 15:53:37 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 5626B5C0101 for <tls@ietf.org>; Thu, 14 Oct 2021 18:53:34 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Thu, 14 Oct 2021 18:53:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=I67aX/wvhhmvezPJq9mXsijINzG4Db+ zob+klZDddO0=; b=SLwb8oAE6BLNNNz16BXoStrBJDqDpQ6gfmoSbQAvr90jj03 djHlSBP7J9auikGF0uq1LyvXSzTxCl+omYAkOObM2IdFLBICKQ7L+XN6cKv3OJXx Aq4jwWZ/9BSsfx3IROjQS2IhR6bUKI8dsV0GoqzCN3mDNJo1+koFx6crxx/VmNrf UjJCfdyqGyeBMPlM7It/4u2FnUJzmtevqapDXjZWGNCn2ZgaodI2feKoA0pSjcO4 shiHsdFwyVfw4ZhEJS3r2fnraCj8AUXsk3oldrf6CWDvKmi+vWaD2/K5q6pXP/ol 9e0Worisfm8P0Gs8AiVabVMw5H+83aO64WrojQw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=I67aX/ wvhhmvezPJq9mXsijINzG4Db+zob+klZDddO0=; b=id4BD3sMMSD2+HE3p9RZac n2HdS4aBlswvb/12Re/OiuUpR5kjcV/LRKNVgmiazGb8Jt9ywuuU34Q1mQ/f4Lxg 7QCwG+iB7051jgxjeNFMUAqs5iHTC+7JMzdNw7DKkmwM+6loT4U7kBjHnZTtTXIP juePDZqtbm4ILUSCwH0EKMj3Lq1iI0P+Yilzmf0j4Z4ykw9Y8euysNfrXO7wo3Xz loJBLXpftW2q9n4EjcajtcEPKt/Mp9bnsJxy1KyBhoihdGHOl1oWpg/fNsxh1yvh 3f4qnCmuLkDSNj8oQCKWts3QUhHnruYc6sLslQ8BPMWTiNUxdD8UqV8jeuHKLJrQ ==
X-ME-Sender: <xms:7rRoYVg8GpaoZ2q18iuNHEfuiU73A7c7MGF6FEUpe2D1VUSsJ8sc-g> <xme:7rRoYaDdeLQ6eY_Mm9GP2KLZkSn9vOFVvgSKH0IVXxwet1dKjnyLwPOOAZ8OfdNBC 89zUNERhLbU3NRhHiI>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddufedguddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpefgveeggeffvd eugeevvefgveffleduleffgeejudffhfefkeeguedugedtvefftdenucffohhmrghinhep ihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:7rRoYVF1dHXqtLcJ_CXwvft-Iwf6pLyEump6kZN7-1yk612WzMXwng> <xmx:7rRoYaQljE1GhIkKiz8YKX0BgPE2LP_xZqMlcPZ2PhEaIg12F_8Vbg> <xmx:7rRoYSwj8RWl6q9X04G3um1etSlzUrFxQuMrX6KkZ9KPVSn4JCNwzw> <xmx:7rRoYR_a5JHkVqCMk4Depm49jhsfqgc8Gdens5k_7Ie0HgHAv0YGaQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 300DE3C0246; Thu, 14 Oct 2021 18:53:34 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1345-g8441cd7852-fm-20211006.001-g8441cd78
Mime-Version: 1.0
Message-Id: <8e219b1d-2d19-46bc-8843-422f249b9ac5@www.fastmail.com>
In-Reply-To: <4e03b1c2-ee90-4418-b9d0-a48d8658d290@www.fastmail.com>
References: <3e98642a-a232-471f-aacc-2f7a723be320@www.fastmail.com> <2dc51976-ee00-449c-b954-23b53d3607b7@www.fastmail.com> <CABcZeBM_Kx1fL4KU-9F9X3YjgDv2K4idDWXoLAfv9=-LbDLXjw@mail.gmail.com> <7e32945e-af12-4d85-9739-473b64df40a0@www.fastmail.com> <4e03b1c2-ee90-4418-b9d0-a48d8658d290@www.fastmail.com>
Date: Thu, 14 Oct 2021 15:53:14 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YSKCRNZRk9qnBShdgSznZgbn608>
Subject: Re: [TLS] Late DLS 1.3 issue
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2021 22:53:49 -0000
The PR's been updated to correct the editorial bug and clarify that the epoch is truncated. We could also go with Martin's suggestion to make the epoch 48 bits, yielding a 96-bit per-record sequence number. Or something else. Please have another look. Thanks, Chris On Wed, Oct 6, 2021, at 4:30 PM, Christopher Wood wrote: > On Tue, Oct 5, 2021, at 8:36 PM, Martin Thomson wrote: >> On Wed, Oct 6, 2021, at 12:58, Eric Rescorla wrote: >>> This isn't dispositive, but note that TLS 1.3 doesn't include the epoch >>> in its nonce at all. >> >> That strengthens the gut instinct some, as does the fact that QUIC >> doesn't either. But neither of those protocols is exactly the same as >> DTLS. DTLS doesn't place a hard end on any given epoch. TLS does. >> QUIC's continuous packet number space creates a hard limit, even if >> that limit isn't a single value. That suggests that some analysis >> would be helpful. >> >> I'm less concerned about analysis than I am about getting the >> specification bit right. > > FWIW, the intent of the change was to indeed truncate the epoch, as > this is the variant that seems safest. I think you caught a couple > places where that wasn't captured quite right, which we can fix. > > Best, > Chris > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Late DLS 1.3 issue Christopher Wood
- Re: [TLS] Late DLS 1.3 issue Martin Thomson
- Re: [TLS] Late DLS 1.3 issue Eric Rescorla
- Re: [TLS] Late DLS 1.3 issue Martin Thomson
- Re: [TLS] Late DLS 1.3 issue Ilari Liusvaara
- Re: [TLS] Late DLS 1.3 issue Christopher Wood
- Re: [TLS] Late DLS 1.3 issue Christopher Wood
- Re: [TLS] Late DLS 1.3 issue Christopher Wood