IETF Logo Mail Archive

Re: [TLS] Data volume limits

Martin Thomson <martin.thomson@gmail.com> Wed, 16 December 2015 03:59 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FA6C1A6F71 for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 19:59:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OG1cXIU5e9wF for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 19:59:36 -0800 (PST)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FEF61A6F38 for <tls@ietf.org>; Tue, 15 Dec 2015 19:59:36 -0800 (PST)
Received: by mail-ig0-x232.google.com with SMTP id to18so31322264igc.0 for <tls@ietf.org>; Tue, 15 Dec 2015 19:59:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=htXwDfPIetXFXUDO2UkZW6fsyNNdVqeqnQrbnpwgzOU=; b=SlzkeurFTQjZC+rvDuBzRPsK2RsC3hezNKu9LMDD2eTuFJR5puVLSr0jIB9YdOz9Xg 3Mhz6r1A15Vywedz+UEnDntWzupMKnxcqtq9AMk4Vnn0+nDv84xwN0RCpzFnyq6utxBu WTK1BoSenYkmsLhQKYFP645Uy51TRtRztg2DnpKiMDUkpHjLToq8bB5CFWNVfM7rxG9S DEq+wRw/VpjeYNpqpzJA+Hs2m38g39jwqiscahFGzSPefgro5qcTZh14wI0EZ1V/ei/V PgnjWV1dPparbUoVtuUHkyrRNMih8uj8fRp8k+J264jIDMIlRCuBeI2sEXAp8mmg6sQn TAcA==
MIME-Version: 1.0
X-Received: by 10.107.169.29 with SMTP id s29mr40738644ioe.190.1450238375657; Tue, 15 Dec 2015 19:59:35 -0800 (PST)
Received: by 10.36.149.130 with HTTP; Tue, 15 Dec 2015 19:59:35 -0800 (PST)
In-Reply-To: <201512152257.01966.davemgarrett@gmail.com>
References: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com> <CABkgnnU67_rsVEWKg_ckaYXcZhiXNEgku4ntaZTF3nTYSMZGsg@mail.gmail.com> <201512152257.01966.davemgarrett@gmail.com>
Date: Wed, 16 Dec 2015 14:59:35 +1100
Message-ID: <CABkgnnU0qXQBYY8P2U57K2XKq3fwscFuQxJmjk1Xn2hbUAHZ7g@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/f0d-Qsbwb64sRckMiLKzb_OQBXg>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Data volume limits
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2015 03:59:37 -0000

On 16 December 2015 at 14:57, Dave Garrett <davemgarrett@gmail.com> wrote:
> In fact, if we're OK with setting this rather low threshold, then we could even get rid of the rekey signal entirely and just have an automatic rekey after every 4GiB for all ciphers. That'd be one less complexity to deal with. Rekeys would be routine.

I don't like automatic rekey (though I almost like the per-record
rekeying that I think was semi-facetiously suggested by someone).  An
explicit rekey allows for two things:
 - testing
 - reducing the limit if we find that the cipher is more busted than
we originally thought (with respect to key overuse)

v2.23.0 | Report a Bug | By Email