Re: [TLS] Encryption of TLS 1.3 content type

Juho Vähä-Herttua <juhovh@iki.fi> Mon, 28 July 2014 21:23 UTC

To: Colm MacCárthaigh <colm@allcosts.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/eW1WRLRMOdX0R6MaWzedVYaqVuc
Cc: "tls@ietf.org" <tls@ietf.org>

> On 29.7.2014, at 0.15, Colm MacCárthaigh <colm@allcosts.net> wrote:
> 
> On Mon, Jul 28, 2014 at 8:14 AM, Nikos Mavrogiannopoulos
> <nmav@redhat.com> wrote:
>> On the contrary, all _new_ ciphers are stream (GCM, CCM)
> 
> Now you've got me scratching my head, because both GCM and CCM are
> authentication modes for block ciphers, not stream.

They are both authenticated counter modes for block ciphers, which means they behave like stream ciphers. Even though the output from the cipher comes in blocks, all redundant bytes at the end can be dropped, unlike in CBC mode.

Therefore a 2-byte alert encrypted with GCM or CCM is still 2 bytes plus the authentication tag. I believe this is what Nikos meant.


Juho
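
The length behaviour described in the message above, as an added illustration that is not part of the original e-mail. The HMAC-based keystream function is a stand-in for the AES block operation (counter mode only uses the forward direction), and every name, key and nonce here is a constructed assumption.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes
TAG = 16    # GCM tag length in bytes (CCM tags may be shorter)

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in for E_K(nonce || counter): HMAC-SHA256 truncated to one block.
    msg = nonce + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode encrypt or decrypt (the same operation both ways)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, i // BLOCK + 1)
        chunk = data[i:i + BLOCK]
        # zip() stops at the shorter input, so the unused keystream bytes
        # of the final block are simply dropped: no padding is needed.
        out.extend(p ^ k for p, k in zip(chunk, ks))
    return bytes(out)

def aead_ciphertext_len(plaintext_len: int) -> int:
    # Counter-mode body has the plaintext's length; the tag is appended.
    return plaintext_len + TAG

def cbc_padded_len(cipher_input_len: int) -> int:
    # TLS CBC padding at its minimum: one padding-length byte, then round
    # up to a whole block (the MAC, if any, is part of cipher_input_len).
    return (cipher_input_len + 1 + BLOCK - 1) // BLOCK * BLOCK

# Constructed sample: a TLS alert body (level=fatal(2), handshake_failure(40)).
ALERT = bytes([2, 40])
KEY = b"k" * 16    # constructed key
NONCE = b"n" * 12  # constructed nonce

def compare_lengths(plaintext: bytes = ALERT) -> dict:
    body = ctr_xor(KEY, NONCE, plaintext)
    return {
        "plaintext": len(plaintext),
        "ctr_body": len(body),
        "aead_total": aead_ciphertext_len(len(plaintext)),
        "cbc_body": cbc_padded_len(len(plaintext)),
        "roundtrip_ok": ctr_xor(KEY, NONCE, body) == plaintext,
    }

if __name__ == "__main__":
    print(compare_lengths())
```
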