Re: [TLS] Version in record MAC

Adam Langley <agl@imperialviolet.org> Tue, 27 October 2015 18:49 UTC

Date: Tue, 27 Oct 2015 11:49:15 -0700
From: Adam Langley <agl@imperialviolet.org>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/fQu5G72xFPkPimcVNvPrbEJIlxc>
Cc: "David McGrew (mcgrew)" <mcgrew@cisco.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Version in record MAC

On Tue, Oct 27, 2015 at 8:56 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Yes, that's correct. But we could relax that restriction and make those work
> if we wanted...

Explicit nonces should not be used in TLS. I'm happy to be building
things without them in mind.

SIV modes, if turned into AEADs, would have to authenticate their
nonces internally. RFC 5297 basically says that already
(https://tools.ietf.org/html/rfc5297#section-3). That might mean that
the nonce is prepended to the AD inside the AEAD abstraction, but that
wouldn't be TLS's concern.


Cheers

AGL

-- 
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
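The point above (an SIV mode exposed as an AEAD must authenticate the nonce itself, e.g. by putting the nonce into the AD vector) as an added illustration that is not part of this thread. The construction below is a toy stand-in for AES-SIV built from HMAC-SHA256, not the CMAC/AES-CTR scheme of RFC 5297, and all keys, nonces and messages in it are constructed sample values.

```python
import hashlib
import hmac

def s2v(key: bytes, strings: list) -> bytes:
    """Toy stand-in for RFC 5297's S2V: a PRF over an ordered vector of strings.
    Each component is length-prefixed so the vector encoding is unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for s in strings:
        h.update(len(s).to_bytes(8, "big"))
        h.update(s)
    return h.digest()[:16]

def _keystream(key: bytes, siv: bytes, n: int) -> bytes:
    """Counter-mode keystream seeded by the synthetic IV (toy, HMAC-based)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, siv + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def siv_encrypt(k1: bytes, k2: bytes, ad_vector: list, plaintext: bytes) -> bytes:
    """Deterministic SIV: siv = S2V(ad..., plaintext); output siv || CTR(siv, plaintext)."""
    siv = s2v(k1, ad_vector + [plaintext])
    ks = _keystream(k2, siv, len(plaintext))
    return siv + bytes(a ^ b for a, b in zip(plaintext, ks))

def siv_decrypt(k1: bytes, k2: bytes, ad_vector: list, ciphertext: bytes):
    """Returns the plaintext, or None if the synthetic IV does not verify."""
    siv, body = ciphertext[:16], ciphertext[16:]
    pt = bytes(a ^ b for a, b in zip(body, _keystream(k2, siv, len(body))))
    if not hmac.compare_digest(s2v(k1, ad_vector + [pt]), siv):
        return None
    return pt

# Nonce-based AEAD interface of the kind TLS consumes. The nonce is not sent
# separately and not left unauthenticated: it is prepended to the AD vector
# inside the abstraction, so the record layer never has to think about it.
def aead_seal(key: bytes, nonce: bytes, ad: bytes, plaintext: bytes) -> bytes:
    return siv_encrypt(key[:16], key[16:], [nonce, ad], plaintext)

def aead_open(key: bytes, nonce: bytes, ad: bytes, ciphertext: bytes):
    return siv_decrypt(key[:16], key[16:], [nonce, ad], ciphertext)

# Constructed sample values.
KEY = bytes(range(32))
NONCE = bytes(12)
AD = b"tls-record-header"
PT = b"application data"
```

Because the scheme is deterministic, sealing the same (key, nonce, AD, plaintext) twice yields the same bytes, while a changed nonce or a tampered ciphertext fails to open.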