Re: [TLS] Data limit for GCM under a given key.
Eric Rescorla <ekr@rtfm.com> Sat, 07 November 2015 01:14 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 728E51AD333 for <tls@ietfa.amsl.com>; Fri, 6 Nov 2015 17:14:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id twLCSZB7rA_X for <tls@ietfa.amsl.com>; Fri, 6 Nov 2015 17:14:25 -0800 (PST)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E603F1ACECD for <tls@ietf.org>; Fri, 6 Nov 2015 17:14:24 -0800 (PST)
Received: by ykba4 with SMTP id a4so202504418ykb.3 for <tls@ietf.org>; Fri, 06 Nov 2015 17:14:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=oIN8IeJxDk7egV1cmsBGq30dWHAvtBlfVXtzIxHNBPo=; b=MpYExKdQK7YSFCVNP/0r207JH5bgHdY44jeoBgwjEfn+azOLEqw6Y7XuvQStOnEVRl TCFLarLFiVR2GTydM8mlOJtav9mg9iFtIRfJQ7bJNABQk2bjby7RZoxW7B59JebZXTav Bv9Mh45WcVEp5uFpZC/flfQLqMvCFOQMNWZ9HajkpnhhgczBTsbkZyO6Go389Pa+GSQa 5eY0ap7NSCqiOskz4ycJVLwxhFl2kWxQm5zo0bxMTuG9w6+oBRRXih9xQRnfqjSscti9 QBQsA+XF+ruuE0FDVf/+xtPU2QzceNhvVgSpHpiJ05otZeMJ2yzdIeD/tOKyegO9YW8+ E7DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=oIN8IeJxDk7egV1cmsBGq30dWHAvtBlfVXtzIxHNBPo=; b=a9BmFOMf8R5fC+UoUXqXyaqmqXevE5+JvVFzEBPY90FCvrGAky2sDVyKuHZaHNMh8y +ASs6IjEev+U9svTRdQKVch3ct+NWJIPkbMkE7jfHJixC0S965ZaSubwUWC/7Qd4sPos 2MSHHgES00/Lw2mhgNoqRT0DZuNRLCXfv4ucvKaqOrQ+ik66yrYoCwIvltgq+Ljhk6YU IZvKRGIyszReSFLXWDuv0NAdFS+ow53n3d9fsYgXKbxpnoxGahTjNhe2nCXAUIHxR0Yy I+uXZ6laSp9MQKxMzp5bcgLFr5923Q5Z/EpqQp8tY45w9cnCPU5cpJBl/XbJtZijQHpU dZqQ==
X-Gm-Message-State: ALoCoQnc+Fz2OOYrcSBzpmJTX3jhIgdKmJadMuqgCrY2M2wL/qcSPpCKwQaxm3rgmXgx5mbtmDCf
X-Received: by 10.13.212.8 with SMTP id w8mr15918353ywd.192.1446858864152; Fri, 06 Nov 2015 17:14:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.221.203 with HTTP; Fri, 6 Nov 2015 17:13:44 -0800 (PST)
In-Reply-To: <CAHOTMV++hODJgstmROMv6BPUveDQgH=+KoN8UKCecRxtQQ+N9g@mail.gmail.com>
References: <CABcZeBODjk8rapgbNTST8bmFFVzKqB4tJyrvje-CTgk1=gfqFw@mail.gmail.com> <CABkgnnV+QrjcXJdZwwAGW-SpX0Z0_JroEVT-kMJgUAVe7DDQUw@mail.gmail.com> <CABcZeBOrL=TosONYfM_QPPYfT5N4VH7yR4hFw3Qt8W4V0uznkw@mail.gmail.com> <CABkgnnXis0mwqcsd1D0S61kqL6kvq9=ZU0BRbwbLH7Jesj0Y-w@mail.gmail.com> <CABcZeBNpV3uqOF4YohiCrtq03hR7LPnPGdny6yWB+zysVufiqA@mail.gmail.com> <CABkgnnWVJeeBuMitweCj=nOSB5cA-R-6btdQeWp0Bdnomd2XtQ@mail.gmail.com> <CAMfhd9V4WVxKbJh6KkNdVFGBGKh=tG5kC_7sPthOwhrrUi5eoQ@mail.gmail.com> <CABcZeBOc_9i83j4rjxve8PuBPWdd8eCVN2wQth3G0=T_xz1UKg@mail.gmail.com> <811734cd29d64adc98c5388870611575@XCH-ALN-004.cisco.com> <CABcZeBNZJkrVsA9UEN-ywpzUOZy4wJ=2=QDg-KhjNUCvMKi=HA@mail.gmail.com> <CABcZeBNOJNwL9Akbhnpd2fg8rk80BNYRkODRpqDb9nk2K_m1mg@mail.gmail.com> <BN1PR09MB124321AF53FE4EB4F47AFE9F32C0@BN1PR09MB124.namprd09.prod.outlook.com> <CACsn0ckVoXHvLWMwC4ksv3Rr305uL-_7UDNFT+0RnbkjDs2Vxw@mail.gmail.com> <BN1PR09MB124B270CE55528F10656DECF32C0@BN1PR09MB124.namprd09.prod.outlook.com> <BN1PR09MB124A4974829B07CC2E8CC68F32A0@BN1PR09MB124.namprd09.prod.outlook.com> <CACsn0ckKjzXsOEWzbY-rQ6gYW8ze_hB2f=gzie2pjfM9wPuQWg@mail.gmail.com> <BN1PR09MB124DAC88D9D7F09FFD1B964F32A0@BN1PR09MB124.namprd09.prod.outlook.com> <CACsn0cksvHSbd+MfjurHKLM0_imO5TRcK0PS6UXojLtRBBE_EQ@mail.gmail.com> <CAHOTMV++hODJgstmROMv6BPUveDQgH=+KoN8UKCecRxtQQ+N9g@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 06 Nov 2015 17:13:44 -0800
Message-ID: <CABcZeBN749=rdOD3fsqwV3hj1X538G_-hbh2QvSmbMj6qWwOvA@mail.gmail.com>
To: Tony Arcieri <bascule@gmail.com>
Content-Type: multipart/alternative; boundary="001a114fa4a4a384dd0523e91489"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Zipq13cd7RBnPyH9Z3PU63hqd7Y>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Data limit for GCM under a given key.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Nov 2015 01:14:26 -0000
Update: we discussed this extensively in Yokohama and based on Watson's feedback and offline comments from David McGrew, the consensus was that we needed to add some sort of rekeying mechanism to support long-lived flows. Expect a PR on this next week. Note: We'll still need guidance to implementations on when to re-key, but we don't expect to have a hard protocol limit. -Ekr On Fri, Nov 6, 2015 at 4:59 PM, Tony Arcieri <bascule@gmail.com> wrote: > On Friday, November 6, 2015, Watson Ladd <watsonbladd@gmail.com> wrote: > >> On Wed, Nov 4, 2015 at 3:43 PM, Dang, Quynh <quynh.dang@nist.gov> wrote: >> > I did not talk under indistinguishability framework. My discussion was >> about confidentiality protection and authentication. >> >> What is the definition of "confidentiality protection" being used here? >> > > I too am confused by Quynh's statement. Indistinguishability is the modern > bar for confidentiality and authentication. > > Quynh, are you talking about anything less than IND-CCA2? If you are, that > is less than the modern bar I would personally consider acceptable. > > > -- > Tony Arcieri > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
- [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Colm MacCárthaigh
- Re: [TLS] Version in record MAC David Benjamin
- Re: [TLS] Version in record MAC Martin Thomson
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Martin Thomson
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Martin Thomson
- Re: [TLS] Version in record MAC Russ Housley
- Re: [TLS] Version in record MAC Adam Langley
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC David McGrew (mcgrew)
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Ilari Liusvaara
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Adam Langley
- Re: [TLS] Version in record MAC Eric Rescorla
- Re: [TLS] Version in record MAC Eric Rescorla
- [TLS] Collision issue in ciphertexts. Dang, Quynh
- Re: [TLS] [Cfrg] Collision issue in ciphertexts. Watson Ladd
- Re: [TLS] [Cfrg] Collision issue in ciphertexts. Dang, Quynh
- [TLS] Data limit for GCM under a given key. Dang, Quynh
- Re: [TLS] Data limit for GCM under a given key. Watson Ladd
- Re: [TLS] Data limit for GCM under a given key. Dang, Quynh
- Re: [TLS] Data limit for GCM under a given key. Watson Ladd
- Re: [TLS] Data limit for GCM under a given key. Tony Arcieri
- Re: [TLS] Data limit for GCM under a given key. Eric Rescorla
- Re: [TLS] Data limit for GCM under a given key. Yoav Nir
- Re: [TLS] Data limit for GCM under a given key. Dave Garrett
- Re: [TLS] Data limit for GCM under a given key. Eric Rescorla
- Re: [TLS] Data limit for GCM under a given key. Eric Rescorla
- Re: [TLS] Data limit for GCM under a given key. Eric Rescorla
- Re: [TLS] Data limit for GCM under a given key. Dave Garrett
- Re: [TLS] Data limit for GCM under a given key. Dang, Quynh
- Re: [TLS] Data limit for GCM under a given key. Quynh Dang
- Re: [TLS] Data limit for GCM under a given key. Yoav Nir