Re: [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Sean Turner <sean@sn3rd.com> Fri, 10 March 2017 02:24 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A78A128AB0 for <tls@ietfa.amsl.com>; Thu, 9 Mar 2017 18:24:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sGA6g9rim_2S for <tls@ietfa.amsl.com>; Thu, 9 Mar 2017 18:24:51 -0800 (PST)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9523512944B for <tls@ietf.org>; Thu, 9 Mar 2017 18:24:44 -0800 (PST)
Received: by mail-qk0-x230.google.com with SMTP id y76so149372710qkb.0 for <tls@ietf.org>; Thu, 09 Mar 2017 18:24:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=U6LBCog31s4ivf+Z+ydpGgC6wr1LlEd0L6pWB1eUjTU=; b=Cwx3XJbL9usQaMUgxu5mXoao7sr8ZMe2PJhWLp4KJK5xp65aDPgIUVfezpiyzA8Eru iClY2HiWo5lSt7pxs1oKPJdjOmZXMu2XHISPf5YKO+wpdt7NUifPhNovQ1TQgkXkpjlW NAm0YAGFg2WyirS4X+bT5B+408fkFggdndMZw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=U6LBCog31s4ivf+Z+ydpGgC6wr1LlEd0L6pWB1eUjTU=; b=XciftpUi36gR3oUBkXb9J3Nl1Den/yNPVg+rah1WaclcGtbCiQL0z5A9ZpgD0hkDFP XNWH8u32PSjeH3bvdt8AxNMG3LqvDMEIXetSy6Xc9W6FvZlqpskOWhbibN2Q9bLWnRbp uMGQrDAvpWzeGJaGF2Z624foPX/kUxjCgDJglIPGzPkBuROvKKQhCaUpSLCN1SMgQefo lhuNoelZRyLjkuSZI74qZJe7kWJzRhp2AGWjilI/hU33MWdEH7X3T5wAKVVpEzRb7tqd GH4i5G5K1FpDNJKs61euG9Dd9RJ4JuHXuyKMtumKyUTspTEINqe0/qjJ0M4DHAQmryXL wxNQ==
X-Gm-Message-State: AFeK/H2vBHyimHzwzTWfkhwGWJbhfapk1mBq8XAUzCmcbGGP4ZuqA0lyIgHDSwSDRFnyXQ==
X-Received: by 10.55.185.70 with SMTP id j67mr18117091qkf.4.1489112319996; Thu, 09 Mar 2017 18:18:39 -0800 (PST)
Received: from [172.16.0.18] ([96.231.228.203]) by smtp.gmail.com with ESMTPSA id f21sm5546309qtg.3.2017.03.09.18.18.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Mar 2017 18:18:39 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com>
Date: Thu, 9 Mar 2017 21:18:37 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <E4077608-45D0-489A-B447-B33BC48B2984@sn3rd.com>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com>
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YVX_9QBk4l9ci-n7pIh-Vru66sU>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: Re: [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 02:24:54 -0000

After many emails about the wording for s5.5 Limits on Key Usage, it’s time to judge consensus on whether or not to make any changes to that section.  The important thing is that the SHOULD implement the key update from s4.5.3 was never in question.  There was no consensus to change the actual GCM limits on key usage; again the text related to ChaCha20/Poly1305 never really was in question.  The discussion has wound down to whether it was better to count records or bytes/blocks for the GCM limit calculation.  We didn’t see any strong consensus to change this description.  Therefore, we see no consensus to change the text in s5.5.  ekr please close PR#765 and PR#769.

J&S

> On Feb 10, 2017, at 12:07 AM, Sean Turner <sean@sn3rd.com> wrote:
> 
> All,
> 
> We’ve got two outstanding PRs that propose changes to draft-ietf-tls-tls13 Section 5.5 “Limits on Key Usage”.  As it relates to rekeying, these limits have been discussed a couple of times and we need to resolve once and for all whether the TLS WG wants to:
> 
> a) Close these two PRs and go with the existing text [0]
> b) Adopt PR#765 [1]
> c) Adopt PR#769 [2]
> 
> Please indicate you preference to the TLS mailing list before Feb 17.  Note that unless there’s clear consensus to change the text will remain as is (i.e., option a).
> 
> J&S
> 
> [0] https://tlswg.github.io/tls13-spec/#rfc.section.5.5
> [1] https://github.com/tlswg/tls13-spec/pull/765
> [2] https://github.com/tlswg/tls13-spec/pull/769