[TLS] Pull Request: Removing the AEAD explicit IV
Eric Rescorla <ekr@rtfm.com> Mon, 16 March 2015 23:55 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 16 Mar 2015 16:54:56 -0700
Message-ID: <CABcZeBPfasM5HmJaATLUHQKRgiSGCreJt1T=UoDBGCbcuzyW8Q@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/g8pnjkAeR0sKBsXScJyHdjRBEEI>
Subject: [TLS] Pull Request: Removing the AEAD explicit IV

PR: https://github.com/tlswg/tls13-spec/pull/155
Target merge date: 3/21

Currently:

- AES-GCM uses a partially explicit nonce
- The ChaCha20 draft uses the sequence number as the nonce.

As Stephen Kent has observed, the idea behind the explicit IV is to allow the cryptographic module implementing the AEAD algorithm to ensure non-reuse of the nonce. However, for ChaCha I believe we came to the conclusion that it was acceptable to use the sequence number as the nonce, as the module can check for sequential usage. This saves 8 octets on the wire.

In the interim in Seattle, we came to the conclusion that we should make all AEAD algorithms behave this way, which also simplifies the spec some.

I've formatted this into a PR to verify the consensus on the list. Please comment here if you object and on the PR if you have editorial comments.

https://github.com/tlswg/tls13-spec/pull/155

-Ekr
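
A sketch of the module-side check the message refers to, added here as an illustration and not taken from the PR or from any TLS implementation: an AEAD wrapper that accepts only the next sequence number and derives the nonce from it, so no nonce bytes travel with the record. The `SeqAEAD` type, the `demoPair` helper and the nonce layout (4 implicit salt bytes followed by the 64-bit sequence number) are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// SeqAEAD takes a record sequence number from the caller, never a raw nonce.
type SeqAEAD struct {
	aead cipher.AEAD
	salt [4]byte // implicit nonce prefix from key derivation (assumed layout)
	next uint64  // the only sequence number this direction will accept
}

// nonce is salt || 64-bit big-endian sequence number: 12 bytes, none on the wire.
func (s *SeqAEAD) nonce(seq uint64) []byte {
	return binary.BigEndian.AppendUint64(s.salt[:], seq)
}

// Seal refuses any sequence number that is repeated or out of order.
func (s *SeqAEAD) Seal(seq uint64, plaintext, ad []byte) ([]byte, error) {
	if seq != s.next {
		return nil, fmt.Errorf("nonce misuse: got seq %d, want %d", seq, s.next)
	}
	s.next++
	return s.aead.Seal(nil, s.nonce(seq), plaintext, ad), nil
}

// Open rebuilds the nonce from the receiver's own counter, not from the record.
func (s *SeqAEAD) Open(record, ad []byte) ([]byte, error) {
	pt, err := s.aead.Open(nil, s.nonce(s.next), record, ad)
	if err == nil {
		s.next++
	}
	return pt, err
}

func demoPair() (tx, rx *SeqAEAD) { // constructed all-zero key and salt, demo only
	block, _ := aes.NewCipher(make([]byte, 16))
	g, _ := cipher.NewGCM(block)
	return &SeqAEAD{aead: g}, &SeqAEAD{aead: g}
}

func main() {
	tx, rx := demoPair()
	rec, _ := tx.Seal(0, []byte("hello"), nil)
	pt, err := rx.Open(rec, nil)
	fmt.Println(len(rec), string(pt), err)
}
```

The sealed record is the plaintext plus the 16-byte GCM tag; the TLS 1.2 AES-GCM record format additionally prepends an 8-byte explicit nonce, which is the 8 octets the message says are saved.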