Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Tue, 12 July 2016 17:17 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 853B912D5D3 for <tls@ietfa.amsl.com>; Tue, 12 Jul 2016 10:17:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vBPDeYCDFEUD for <tls@ietfa.amsl.com>; Tue, 12 Jul 2016 10:17:19 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00065.outbound.protection.outlook.com [40.107.0.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D577712D785 for <tls@ietf.org>; Tue, 12 Jul 2016 10:17:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NfPGAgaGP8BV6bNapefCsBVCm5Qhmejpr0OePaLwCOM=; b=w5Stlc5Sr8HNISYKX1pGkG8pxr+FCizCZRCNucvwkyXR5sQRw+Fvx8bjx3/V3Cs0U5YB1HWsxBckFEyMIDOafQrEWJw/CM/5l0b+5caRdRZBTVyhk2xtFAavEY7pBr3E6XM7NGPTnig9D81Lotw5L0OOiwuhoWLfM4rDBnsNv9I=
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com (10.166.42.148) by VI1PR03MB1821.eurprd03.prod.outlook.com (10.166.42.147) with Microsoft SMTP Server (TLS) id 15.1.539.14; Tue, 12 Jul 2016 17:17:11 +0000
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) by VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) with mapi id 15.01.0539.019; Tue, 12 Jul 2016 17:17:11 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] New draft: draft-ietf-tls-tls13-14.txt
Thread-Index: AQHR26esSHCH//KpSE6diooP42E52KAUxHSAgAAiIQCAAAGugIAACUMAgAAetID///d5AIAAFNgA
Date: Tue, 12 Jul 2016 17:17:11 +0000
Message-ID: <D3AAE2B7.70A78%kenny.paterson@rhul.ac.uk>
References: <CABcZeBMiLmwBeuLt=v4qdcJwe5rdsK_9R4-2TUXYC=sttmwH-g@mail.gmail.com> <D3AA5BD6.27AC0%qdang@nist.gov> <D3AAB674.709EA%kenny.paterson@rhul.ac.uk> <D3AA7549.27B09%qdang@nist.gov> <d1f35d74e93b4067bf17f587b904ebff@XCH-RTP-006.cisco.com> <D3AAD721.70A11%kenny.paterson@rhul.ac.uk> <D3AA9B01.27B9F%qdang@nist.gov>
In-Reply-To: <D3AA9B01.27B9F%qdang@nist.gov>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.5.160527
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [134.219.227.30]
x-ms-office365-filtering-correlation-id: 0ac0d550-c418-4311-931d-08d3aa785cc2
x-microsoft-exchange-diagnostics: 1; VI1PR03MB1821; 6:c0iJs8IYSEf2/lNLAZx/2MM45lwtPLLvy8bfXwuE62jGeXzUMYZ19hG/9sl7AwW0EGjrYERZLNyldAsVzY1ZKX3VQXvaFGDxRNnV5quMKkQXJm2djurzbpTrULrRtgZxvoJup7u2acnU3XhwAttq6AWq1wZ/Byo1VFefKqaWTi3EtJkud/znenR76g6aj0tFXhS4UAbICGuuWojPdm5MTzi5pl8GtQ1uCcloWuNjNP/NbvQRLpr4LOZ+TfwdXmU7h47NH0L6zpz3bvn6dMebEEJ4HyH2RPRoPFIId0YkXDc=; 5:ff0zZhDpvMOI7WDd2r4K8SCh4nROIqA9I0nDkitbbICrCFloZB10Y6iIrZp9WV3k1CRIfJAP9/PRpAS52o/5VT29V/nsdbA0paW9yKzyVy1OkzC07jHKj9b4mH8Ut4jISz5nSpFQ+tF3fKoaVZUImw==; 24:lAEMfo8AnNPJ7K9YyBI+Z6CmSEhzsjVOYDHIlEQyjrriKA1i5IsA1q8t0qR/HKE4zKj4UBE1nSZeUxyYlW6XiBNKDnltB61xv9Eg/aYXtO0=; 7:IuneG1jmeD7rAWBkMyDVpzRUSit/DdtZOXO+MpYyYXcyF912rK9/G79WNuQCK63p9EhnQRE6FWf4KX+ADyba5Pg7tRy1GsLkuRzc145n2tyyQOEMydR/RSe1qumAr3+OFpBwIn2a7d3Kk/rzqbK+F43oQ5wK4L7YC0vrXkIVwiFSISxFztqxNvVbHRnaViqjOu7ra57dO/VsGBzfNhDI5/c+EWhTIII2wFTUVkI2u6wI2qcup98HqJTFlUMyi5Ls
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR03MB1821;
x-microsoft-antispam-prvs: <VI1PR03MB182190C9A11ED7372DBE8B88BC300@VI1PR03MB1821.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(65766998875637)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001); SRVR:VI1PR03MB1821; BCL:0; PCL:0; RULEID:; SRVR:VI1PR03MB1821;
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(51444003)(24454002)(377454003)(199003)(189002)(2501003)(83506001)(50986999)(101416001)(54356999)(76176999)(36756003)(66066001)(586003)(8676002)(102836003)(68736007)(3846002)(10400500002)(6116002)(77096005)(2950100001)(2900100001)(5002640100001)(81156014)(81166006)(2906002)(8936002)(122556002)(11100500001)(3660700001)(305945005)(8666005)(7846002)(7736002)(93886004)(3280700002)(87936001)(230783001)(92566002)(4001350100001)(5001770100001)(97736004)(189998001)(107886002)(74482002)(106356001)(106116001)(105586002)(86362001)(19580395003)(19580405001)(7059030); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR03MB1821; H:VI1PR03MB1822.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <B451EC13185444419A5B95306C90AC38@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2016 17:17:11.8114 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB1821
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ikncDf2LFacZY_AvdR6B6cFlgXc>
Subject: Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2016 17:17:21 -0000
Hi On 12/07/2016 18:04, "Dang, Quynh (Fed)" <quynh.dang@nist.gov> wrote: >Hi Kenny, > >On 7/12/16, 12:33 PM, "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> wrote: > >>Finally, you write "to come to the 2^38 record limit, they assume that >>each record is the maximum 2^14 bytes". For clarity, we did not recommend >>a limit of 2^38 records. That's Quynh's preferred number, and is >>unsupported by our analysis. > >What is problem with my suggestion even with the record size being the >maximum value? There may be no problem with your suggestion. I was simply trying to make it clear that 2^38 records was your suggestion for the record limit and not ours. Indeed, if one reads our note carefully, one will find that we do not make any specific recommendations. We consider the decision to be one for the WG; our preferred role is to supply the analysis and help interpret it if people want that. Part of that involves correcting possible misconceptions and misinterpretations before they get out of hand. Now 2^38 does come out of our analysis if you are willing to accept single key attack security (in the indistinguishability sense) of 2^{-32}. So in that limited sense, 2^38 is supported by our analysis. But it is not our recommendation. But, speaking now in a personal capacity, I consider that security margin to be too small (i.e. I think that 2^{-32} is too big a success probability). Regards, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Atul Luykx
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt David McGrew
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt David McGrew
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Peter Gutmann
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Atul Luykx
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt David McGrew
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Watson Ladd
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Atul Luykx
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Hubert Kario
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Benjamin Kaduk
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Eric Rescorla
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 David Benjamin
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Ilari Liusvaara
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Benjamin Kaduk
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 Ilari Liusvaara
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 Ilari Liusvaara
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 David Benjamin
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Atul Luykx
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 Ilari Liusvaara
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Scott Fluhrer (sfluhrer)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2 David Benjamin
- [TLS] TLS 1.3 signature algorithms in TLS 1.2 David Benjamin
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Scott Fluhrer (sfluhrer)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- [TLS] New draft: draft-ietf-tls-tls13-14.txt Eric Rescorla
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Ilari Liusvaara
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dave Garrett
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Ilari Liusvaara
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Dang, Quynh (Fed)
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny
- Re: [TLS] New draft: draft-ietf-tls-tls13-14.txt Paterson, Kenny