IETF Logo Mail Archive

Re: [TLS] KeyUpdate and unbounded write obligations

Adam Langley <agl@imperialviolet.org> Thu, 18 August 2016 19:10 UTC

Return-Path: <alangley@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9FF312D794 for <tls@ietfa.amsl.com>; Thu, 18 Aug 2016 12:10:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWww_YrrO1cO for <tls@ietfa.amsl.com>; Thu, 18 Aug 2016 12:10:50 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61B1A12D122 for <tls@ietf.org>; Thu, 18 Aug 2016 12:10:50 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id v123so25823329qkh.2 for <tls@ietf.org>; Thu, 18 Aug 2016 12:10:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=SA/iNS54Bo67wXljCNAW32IteOHR0+eF7P7fnC3dSBg=; b=h30nnAD/YQ4qCEiALQZAzDoIBbjcB3W5ocZyVSU+HcWU6eU+Tfrrad385Y3HmyaZ0L qhmBeRjea1vFBpmFxqiXdOwHdccM+qDC8PYCMJjtRjfpmW3dtK5PvTprdF5tRRP/0OVR UuK5Uou/u27w0rwXTr0SFpx1lQ3KaSWzoxT0ixKIz4oPN9NsEgchG0QGLGQd8NotPgp1 /RtcBn08PufySmkUFOAwDC2R6Uc0F6vO9KvdTOd/iB9MF0Of8KOwwXihWi7Nit+Ngyrr /+ayHYI9l9RaZkgxZWC2i8vF77O5V/1G8KF6tpnmvFkqva3CG5ytTVi8RvtE24blL6Fe WoCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=SA/iNS54Bo67wXljCNAW32IteOHR0+eF7P7fnC3dSBg=; b=RKbdZr0H9L3sRU/I3oqhHN31myJ0JeHFOsX5H+49zJs0Bkg1T3H4cGq+j68eUnnbd6 m7eqD16M9PYvN/BNKumCDb89yoqIkqrLBPA+g18ajQ5OQroVrxM2Z0KnGu/6o+Hu2IEm unsGuJoXRruoJjAdRy+CZc+mcmpSXUlaIOceZ4glgxqvBXEbStMQnqwDMYqLvAumrcz4 iKqBwEcCvVTKaGrTk3wgZASKoj1wkOBFM5tfrUpfG4OfND5xEI/83Uu/QmFHS81loH/k er81DAa+OPgCWc8UVvmsZHvmLJ+GVU+Pdk+bMBP1gf4SGH58ceOhtz3D3/435b6zFQeZ Wq5w==
X-Gm-Message-State: AEkoouuId6w89KXKCiYlb7Zjfg9sqX7/oISftPRZI8KC96x1+KHRqZhhuYx1LGnElRJRkUEMu42YjcgQz6JJFA==
X-Received: by 10.55.58.68 with SMTP id h65mr4602693qka.210.1471547449493; Thu, 18 Aug 2016 12:10:49 -0700 (PDT)
MIME-Version: 1.0
Sender: alangley@gmail.com
Received: by 10.200.36.199 with HTTP; Thu, 18 Aug 2016 12:10:48 -0700 (PDT)
In-Reply-To: <CAF8qwaC_NGmx4pW=HwsqWTnvZysFhXayHJ1wPVAakWHo7nunxA@mail.gmail.com>
References: <CAF8qwaDgGHGmuBwhZEz9-=Ss2bfzNAYWfmnbMqQDxTQnMUpH7g@mail.gmail.com> <93086b3c-ca1b-4c37-67e1-efbf417a8b58@akamai.com> <CAF8qwaDfWdCCQpD8z8iY0BMJjbrf8qi-qf5X7mSe8m+hNZu-FQ@mail.gmail.com> <CAMzhQmPB0GXZzh+g=-TMmAp9HQxpZUPcht4zi3_K7WW_ouGg6A@mail.gmail.com> <CAF8qwaC_NGmx4pW=HwsqWTnvZysFhXayHJ1wPVAakWHo7nunxA@mail.gmail.com>
From: Adam Langley <agl@imperialviolet.org>
Date: Thu, 18 Aug 2016 12:10:48 -0700
X-Google-Sender-Auth: hNDWa5yUYnzfCHoeJEThbqfTx5k
Message-ID: <CAMfhd9UOOXLRmNjJogikQHa8QJx+HSLO-WuwJhgKKgAA-5TeBQ@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="001a1148b7c6ff4de4053a5d56aa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dDwYiI9WI-79NjyN3uNeA7SKdSk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] KeyUpdate and unbounded write obligations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 19:10:52 -0000

On Thu, Aug 18, 2016 at 11:55 AM, David Benjamin <davidben@chromium.org>
wrote:

> It seems desired_minimum_receive_generation can only be
> current_receive_generation or current_receive_generation + 1. In that
> case, a boolean should be sufficient and saves 7 bytes.
>

Given that simplification, is there a purpose for current_receive_generation?
It seems that scheme might be equal to a "please_echo" flag.


Cheers

AGL

v2.23.0 | Report a Bug | By Email