Re: [TLS] Version in record MAC
Adam Langley <agl@imperialviolet.org> Tue, 27 October 2015 18:49 UTC
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/fQu5G72xFPkPimcVNvPrbEJIlxc>
Cc: "David McGrew (mcgrew)" <mcgrew@cisco.com>, "tls@ietf.org" <tls@ietf.org>

On Tue, Oct 27, 2015 at 8:56 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Yes, that's correct. But we could relax that restriction and make those work
> if we wanted...

Explicit nonces should not be used in TLS. I'm happy to be building
things without them in mind.

SIV modes, if turned into AEADs, would have to authenticate their
nonces internally. RFC 5297 basically says that already
(https://tools.ietf.org/html/rfc5297#section-3). That might mean that
the nonce is prepended to the AD inside the AEAD abstraction, but that
wouldn't be TLS's concern.

Cheers

AGL

--
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
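
Added example, not part of the original message and not code from any TLS implementation: an SIV-style AEAD wrapper that authenticates the nonce internally by treating it as the last AD component, as the reply above describes. It uses HMAC-SHA256 as a stand-in for the S2V and CTR primitives of RFC 5297, so it is not AES-SIV itself; the function names, the 64-byte key, the 8-byte sequence-number nonce and the 3-byte AD are assumptions constructed for the illustration.

```python
import hashlib
import hmac

class InvalidTag(Exception):
    """Raised when the synthetic IV does not verify."""

def _prf(key, components):
    # Stand-in for S2V: HMAC over length-prefixed components, so the
    # (AD, nonce, plaintext) vector has one unambiguous encoding.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in components:
        mac.update(len(part).to_bytes(8, "big") + part)
    return mac.digest()[:16]

def _xor_stream(key, siv, data):
    # Stand-in for AES-CTR: HMAC-derived keystream seeded by the synthetic IV.
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, siv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, nonce, ad, plaintext):
    mac_key, enc_key = key[:32], key[32:]
    # The nonce is simply the last AD component, so it is authenticated
    # inside the AEAD; the caller never has to put it in the AD itself.
    siv = _prf(mac_key, [ad, nonce, plaintext])
    return siv + _xor_stream(enc_key, siv, plaintext)

def open_sealed(key, nonce, ad, sealed):
    if len(sealed) < 16:
        raise InvalidTag("too short")
    mac_key, enc_key = key[:32], key[32:]
    siv, body = sealed[:16], sealed[16:]
    plaintext = _xor_stream(enc_key, siv, body)
    if not hmac.compare_digest(siv, _prf(mac_key, [ad, nonce, plaintext])):
        raise InvalidTag("nonce, AD or ciphertext mismatch")
    return plaintext

def demo():
    key = bytes(range(64))          # constructed key: two 32-byte halves
    ad = bytes.fromhex("170303")    # constructed AD: record type and version
    sealed = seal(key, (7).to_bytes(8, "big"), ad, b"hello")
    ok = open_sealed(key, (7).to_bytes(8, "big"), ad, sealed)
    try:
        open_sealed(key, (8).to_bytes(8, "big"), ad, sealed)
        wrong_nonce_rejected = False
    except InvalidTag:
        wrong_nonce_rejected = True
    return ok, wrong_nonce_rejected
```

The caller passes only the implicit nonce and the AD; a receiver whose sequence number has drifted fails verification even though the nonce never appears on the wire or in the AD.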