Re: [TLS] Clarifications and questions: TLS1.3 - Static RSA and AEAD

Michael StJohns <msj@nthpermutation.com> Tue, 27 May 2014 17:39 UTC

Message-ID: <5384CDD5.5040306@nthpermutation.com>
Date: Tue, 27 May 2014 13:39:33 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>, Eric Rescorla <ekr@rtfm.com>
References: <5383F02F.4050706@nthpermutation.com> <CABcZeBPU8gQtpVOyD5KO28bv3Ggjf-7p1wj8uU8NztnFMfPJ6Q@mail.gmail.com> <53840318.10902@nthpermutation.com> <CABcZeBNCjddKRR=ayBr1LmOeMCv93aYZAquOHhqKHGLnDO81xg@mail.gmail.com> <CFAA0D03.15C36%uri@ll.mit.edu> <5384B735.3090904@nthpermutation.com> <CFAA3BA8.15C97%uri@ll.mit.edu>
In-Reply-To: <CFAA3BA8.15C97%uri@ll.mit.edu>
Content-Type: multipart/alternative; boundary="------------020605050906040000000701"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dDJ4qqj9yDdcFiDIqXgkGirQkMg
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Clarifications and questions: TLS1.3 - Static RSA and AEAD

On 5/27/2014 12:58 PM, Blumenthal, Uri - 0558 - MITLL wrote:
>
>     You want cryptographic isolation between the key material produced
>     from the master secret and the iv material produced from the IV,
>     and the current spec doesn't do that.  See my last message to
>     EKR.  One way to create this isolation is to derive the random IV
>     data from a key that is different from the master secret - either
>     a subkey derived from the master secret, or from a second key
>     derived from the premaster.
>
>
> You want the separation to be on a higher level.
>
> I'd be happy with either one of the above.
>
>     A second way to create the isolation is to not generate the IV
>     data from a key value and instead simply use an entropy expansion
>     function on the client_random and server_random to generate the IVs.
>
>
> Should be fine too, assuming at least one *_random is good enough.
>

That latter is my preference.
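As an added illustration of the three derivation layouts discussed above (this is not code from the thread or from any TLS draft), the following Python sketch uses RFC 5869 HKDF with HMAC-SHA256 as a stand-in for the TLS PRF. The layout of the key block, the expansion labels, the 16-byte key and 4-byte IV sizes, and the helper names `key_block_single_secret`, `key_block_iv_subkey`, `key_block_public_ivs` and `ivs_depend_on_master_secret` are all assumptions made for the example. The last function is the check a reviewer would want: hold the two nonces fixed, vary the master secret, and see whether the IV bytes move.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

# Constructed sizes for the sketch: a 128-bit AEAD key and a
# 4-byte implicit IV per direction (assumed layout, not a draft's).
KEY_LEN = 16
IV_LEN = 4


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256 (empty salt -> HashLen zero bytes)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: feedback-mode HMAC expansion of prk to `length` bytes."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        out += t
        counter += 1
    return out[:length]


def _split(block: bytes) -> dict:
    """Cut a key block into client/server keys and IVs (assumed ordering)."""
    k = KEY_LEN
    return {
        "client_key": block[0:k],
        "server_key": block[k:2 * k],
        "client_iv": block[2 * k:2 * k + IV_LEN],
        "server_iv": block[2 * k + IV_LEN:2 * k + 2 * IV_LEN],
    }


def key_block_single_secret(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Layout the thread objects to: keys and IVs are adjacent slices of one
    expansion keyed by the master secret, so the IV bytes are master-secret-derived."""
    block = hkdf_expand(master_secret, b"key expansion" + server_random + client_random,
                        2 * KEY_LEN + 2 * IV_LEN)
    return _split(block)


def key_block_iv_subkey(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """First fix from the thread: IVs come from a separate subkey derived from the
    master secret, so key and IV material never share one expansion output."""
    keys = hkdf_expand(master_secret, b"key expansion" + server_random + client_random, 2 * KEY_LEN)
    iv_secret = hkdf_expand(master_secret, b"iv secret", HASH_LEN)
    ivs = hkdf_expand(iv_secret, b"iv expansion" + server_random + client_random, 2 * IV_LEN)
    return _split(keys + ivs)


def key_block_public_ivs(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Second fix (the author's preference): IVs are an entropy expansion of the two
    nonces only, so no secret material reaches the IV at all."""
    keys = hkdf_expand(master_secret, b"key expansion" + server_random + client_random, 2 * KEY_LEN)
    iv_prk = hkdf_extract(b"", client_random + server_random)
    ivs = hkdf_expand(iv_prk, b"iv expansion", 2 * IV_LEN)
    return _split(keys + ivs)


def ivs_depend_on_master_secret(derive, client_random: bytes, server_random: bytes) -> bool:
    """With the nonces fixed, do two different master secrets yield different IVs?
    True means the IV bytes carry master-secret-derived material (constructed secrets)."""
    a = derive(b"\x01" * 48, client_random, server_random)
    b = derive(b"\x02" * 48, client_random, server_random)
    return (a["client_iv"], a["server_iv"]) != (b["client_iv"], b["server_iv"])


if __name__ == "__main__":
    cr, sr = b"\xaa" * 32, b"\xbb" * 32  # constructed client_random / server_random
    for name, fn in [("single secret", key_block_single_secret),
                     ("iv subkey", key_block_iv_subkey),
                     ("public ivs", key_block_public_ivs)]:
        print(f"{name:14s} IVs depend on master secret: {ivs_depend_on_master_secret(fn, cr, sr)}")
```

Only the third layout makes the IVs a pure function of the nonces; the first two both produce IVs that change with the master secret, the difference being whether key and IV bytes are carved from the same PRF output (the situation the thread wants to avoid) or from separately derived secrets.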