Re: [TLS] Data volume limits

Benjamin Beurdouche <benjamin.beurdouche@inria.fr> Tue, 15 December 2015 21:27 UTC

Return-Path: <benjamin.beurdouche@inria.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 368261A8777 for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 13:27:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.56
X-Spam-Level:
X-Spam-Status: No, score=-6.56 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4C5An1ipzOe for <tls@ietfa.amsl.com>; Tue, 15 Dec 2015 13:27:11 -0800 (PST)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 103A81ACE80 for <tls@ietf.org>; Tue, 15 Dec 2015 13:27:10 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.20,434,1444687200"; d="scan'208";a="192324079"
Received: from ram75-1-78-192-222-230.fbxo.proxad.net (HELO [192.168.1.30]) ([78.192.222.230]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Dec 2015 22:27:09 +0100
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Benjamin Beurdouche <benjamin.beurdouche@inria.fr>
In-Reply-To: <CACsn0cnXdDv3sOnMdtGtts_fTOZkB=-XzSuyKGKwik+imrTadw@mail.gmail.com>
Date: Tue, 15 Dec 2015 22:27:09 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <C15EA9A2-CDD0-4968-81CB-FD5E13999B98@inria.fr>
References: <CABcZeBNR76DqPo0Mukf5L2G-WBSC+RCZKhVGqBZq=tJYfEHLUg@mail.gmail.com> <CABcZeBO5uDV=d=5uDUz5kJwGcycJmZx9FwqyWno-6RHR+jjiKw@mail.gmail.com> <CACsn0cnXdDv3sOnMdtGtts_fTOZkB=-XzSuyKGKwik+imrTadw@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Dave Garrett <davemgarrett@gmail.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/gt5HmhvTfEpm-Rjqi4s4tbY5aVU>
Cc: ML IETF TLS <tls@ietf.org>
Subject: Re: [TLS] Data volume limits
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 21:27:13 -0000

> On 15 Dec 2015, at 22:17, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> I don't think that's what I intended: I think the limit should be
> ciphersuite specific. Unfortunately that requires more work.
> 
> On Tue, Dec 15, 2015 at 4:15 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>> 
>>> I wanted to get people's opinions on whether that's actually what we want
>>> or whether we should (as is my instinct) allow people to use ChaCha
>>> for longer periods.

IMHO, if we differentiate the limit depending on the ciphersuite, it will be more complex to handle and cause problems at some point.
I would rather have a single value in the spec that is safe for all allowed ciphersuites, rekey more frequently and leave people take their own risks by setting higher limits if they do not negotiate AES-GCM (for example).

B.