IETF Logo Mail Archive

Re: [TLS] Choice of Additional Data Computation

Martin Thomson <mt@lowentropy.net> Mon, 27 April 2020 22:26 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 946713A0CDF for <tls@ietfa.amsl.com>; Mon, 27 Apr 2020 15:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=U3e9AUPr; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=jDBtjbD9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cXzIfWg8tWkT for <tls@ietfa.amsl.com>; Mon, 27 Apr 2020 15:26:05 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B49973A0D88 for <tls@ietf.org>; Mon, 27 Apr 2020 15:25:56 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 259DE652 for <tls@ietf.org>; Mon, 27 Apr 2020 18:25:56 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Mon, 27 Apr 2020 18:25:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=VdyC08D7axv+8FkUm3zNHXKciMEfWBa c7tis4OyoISQ=; b=U3e9AUPrtrLXYDdOjOs19CRHPlhta29Ii+VmlxCblW/MSGi ik/DaGhGK7/btlbFBbdcDu4/oQXlCqtOQthO4OkhpAPaJSjXJvY4/k9fYMtk155i qEzBiT3jKsFuXCpyXXcPQT/Js17WPh9XAmQljfS6fBy0YqdIK3R49ZgAiiv6dBOA 3iLPSkifsrb3gwju7v1zXcsBsOlfUSRZbjtR1AKgfCLtl94Jh0fftwzn91nfiJE2 e5ciao15GyygO7xVnN7A3zkXnNWYri0hFJk4efmeL4tJy6RKS/u+2z5qV+/+4czd y84JMPtueGwoHeFFlPYwO55KeQXaZopKq8bhTWw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=VdyC08 D7axv+8FkUm3zNHXKciMEfWBac7tis4OyoISQ=; b=jDBtjbD97JC8IHIT9ux8kW rfE9412actme5dgmHJVp69zBuKMLGRmcTsntqzTX73bFf0fTwegIF6r7mAErVKXq au/aXIJ7Qt0sP98/Lv/saTZ+CFI8BFC7jZoqJuPppzqV+xduPn8uzEdix/AipMJz JAULbx1hfkEvJAPiiW0Axcze3Q1tEVH7ec1dW2Mg7bqSBpkYW2rfmhECLaOAntpn BHaVp6gW+Mw6XObVvdGu2UdDIOlu5GfKoR6zieVnDF20nf9OScENSXzf3L36eemF d67BF74+BUBBoTec/ErDYU2QK91Yh3oLfUm0jtTu4LVZ+7eF1TfS+OOq33EWuZGg ==
X-ME-Sender: <xms:81unXvOWbD1nR9RZksXbU6BNNM7aXGCcwuSuDA9k2GVjQt6alwzlXw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedriedtgddtjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:81unXmkfhVH_WDZmuAVN9o81WYP1Nou99uaxIlk-ecgCqT4m3vwIow> <xmx:81unXh4Q-J6o1fm257QFW9ey9aZnZ6CiYhagFFWzXTWdmflJ1aIQ8w> <xmx:81unXp1nwZ3vTv0e_C35Kf37Ek3GObTg-GQ3iDhyVF47caw_xA1PRA> <xmx:81unXrsvy93OQWc0FtkKpPyjA6lB89sqTrVgYBQdv0vzt9a1cn2Pwg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 9A912E00AD; Mon, 27 Apr 2020 18:25:55 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-351-g9981f4f-fmstable-20200421v1
Mime-Version: 1.0
Message-Id: <530cd39e-64c9-4a3a-91cb-2a13e3106037@www.fastmail.com>
In-Reply-To: <AM0PR08MB37163F09F66FB8FEE2E3D010FAAF0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR08MB371694E826FA10D25F2BA53EFAD00@AM0PR08MB3716.eurprd08.prod.outlook.com> <93042b37-37e1-5b6a-3578-a750054d0507@gmx.net> <AM0PR08MB3716541F4825F8D43DC3D308FAD00@AM0PR08MB3716.eurprd08.prod.outlook.com> <CACLV2m4-Qcx-xKWP201VCY73HVyjCzHVCb6PrntnBWhA8fBQYg@mail.gmail.com> <AM6PR08MB3318B6ABD411C8C476C3D10B9BD00@AM6PR08MB3318.eurprd08.prod.outlook.com> <CABcZeBOwK7m465LsbY3U+bHv0XA2rcGOTEBStTtTNkwAYvWeQA@mail.gmail.com> <CACLV2m5Md2+Ffc978ZJ+BeZwRgcXTV3xE0vXzmvNgnot_c71xQ@mail.gmail.com> <AM6PR08MB331862B6F143652F4B4C10EE9BD00@AM6PR08MB3318.eurprd08.prod.outlook.com> <CABcZeBMKoVrcN-=aTvy6py5bhOwOVrhgVLmtX2tthc=Oa54b_Q@mail.gmail.com> <CACLV2m7knyt-gQoQq2v1Kz-J62DPjCpb6faJFfDgJ-8mprHwxQ@mail.gmail.com> <CABcZeBMwQHdRuvcs5pmE59SCUj=cwWCtrBhyh9w_L0U1ZDoJ8Q@mail.gmail.com> <AM6PR08MB3318AFD0C1FC4011ED2A81919BD00@AM6PR08MB3318.eurprd08.prod.outlook.com> <CACLV2m7P-=ztPLt+eZjEpcZW=TbNj4wU6hOywhAyMx5ZRrahUw@mail.gmail.com> <AM6PR08MB33185190928734FAFCEDFFCE9BD10@AM6PR08MB3318.eurprd08.prod.outlook.com> <CABcZeBNtZrGRG1_z9V+fPsigmqehG_nvrCQ4_doSfAknYHyhOQ@mail.gmail.com> <AM0PR08MB37163F09F66FB8FEE2E3D010FAAF0@AM0PR08MB3716.eurprd08.prod.outlook.com>
Date: Tue, 28 Apr 2020 08:25:37 +1000
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dj0CHGddrxXDtnYCRTmmgyWWDIo>
Subject: Re: [TLS] Choice of Additional Data Computation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 22:26:13 -0000

On Mon, Apr 27, 2020, at 17:06, Hannes Tschofenig wrote:
> (*): Even if we optimize the CID away with cTLS the question about the 
> security implications will surface again. 

I think that cTLS is the answer to the size issue.  But there, the rule tends to be that removing from the wire doesn't also remove from the canonical value that is processed by the stack, so we might be able to send without a CID, but re-insert the value before processing.  As the canonical form, DTLS always including the value seems fine to me.

v2.23.0 | Report a Bug | By Email