Re: [TLS] Pull Request: Removing the AEAD explicit IV
Watson Ladd <watsonbladd@gmail.com> Thu, 19 March 2015 04:43 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CFA21A8790 for <tls@ietfa.amsl.com>; Wed, 18 Mar 2015 21:43:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZpWgt0LUhCX3 for <tls@ietfa.amsl.com>; Wed, 18 Mar 2015 21:43:32 -0700 (PDT)
Received: from mail-yh0-x22a.google.com (mail-yh0-x22a.google.com [IPv6:2607:f8b0:4002:c01::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46DA71A8715 for <tls@ietf.org>; Wed, 18 Mar 2015 21:43:32 -0700 (PDT)
Received: by yhle43 with SMTP id e43so10000223yhl.2 for <tls@ietf.org>; Wed, 18 Mar 2015 21:43:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=f5hRoXNXFKNYlMa1lE/e/OZPUu5I1p9TP1OATi2wYiI=; b=wamGJtpjuIU+mlEZTrvFwAy3a8dKPcnKRx7uTJaYhxO8zKaX6kkvbBTA/R/L1tdVQe jZo9xdtXLNhgaIiKVV2DmzYIwf8TwWU+YmIEpS+/GlNYINHshPmdSjVIdUwcrOUIrheZ tPpnulpkHhQhi3ZzFgWYTLK2Tc1mYLUouL3lgcCtwXyou7cxQaOel91Bmkq8hFvsGVme XMNfqM3/FnFNqKVkVcUU/ihE1iLCuArXhiUtBxCm7rFupVVxDwNhd5AewQUGy6Veywye N7QAdvrTQM4fLL+wFNG4R6uJnc5n+1FEsfBztfv9mdaKp5hxt5nIoTFW0tmzQdPbiUnC ZJjw==
MIME-Version: 1.0
X-Received: by 10.236.220.65 with SMTP id n61mr75279910yhp.44.1426740211635; Wed, 18 Mar 2015 21:43:31 -0700 (PDT)
Received: by 10.170.58.201 with HTTP; Wed, 18 Mar 2015 21:43:31 -0700 (PDT)
In-Reply-To: <CAAF6GDeEvnt7Gzz-8VutTwaO5BCq8ZA4Z-CSKoY4oYkwqvAn_A@mail.gmail.com>
References: <CABcZeBPfasM5HmJaATLUHQKRgiSGCreJt1T=UoDBGCbcuzyW8Q@mail.gmail.com> <CAAF6GDdbr57hVa4OD-wCfQtx46bo_D858V_25w8gTtd+M8OhzQ@mail.gmail.com> <CACsn0ckU==QcJhTvyov2DeJCKq_kxvfqK=AkFKsyFcRbQBfC-Q@mail.gmail.com> <CAAF6GDeEvnt7Gzz-8VutTwaO5BCq8ZA4Z-CSKoY4oYkwqvAn_A@mail.gmail.com>
Date: Wed, 18 Mar 2015 21:43:31 -0700
Message-ID: <CACsn0cnxePn2J7hQymPOGDzRfUjMAnDnbjNiGugMrZVLayDARw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Colm MacCárthaigh <colm@allcosts.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jV1yiL5kDxP-OK3NKEC8QQeIkes>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Pull Request: Removing the AEAD explicit IV
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 04:43:33 -0000
On Wed, Mar 18, 2015 at 9:24 PM, Colm MacCárthaigh <colm@allcosts.net> wrote: > Why would the extension break? Because it currently supports the TLS 1.2 record layer and AEAD mode, not the now different TLS 1.3 one. I confirmed this would be a minor issue with the author yesterday. Sure, we can say that for any implementation, and this hasn't yet made it into the wild yet, but now both the kernel and userland sides need changes for TLS 1.3. Add in some release cycles and LTS releases, and you get some more sites that will not upgrade for a long time. It's not the only example: I've heard rumors that some implementations do the record layer in more unusual ways, while having the handshake in more softwarelike things. I'm not claiming this is a particularly big nit, rather something that tells me to lean on the conservative side when changing things related to the record layer as compared to the handshake. Sincerely, Watson Ladd > > On Wed, Mar 18, 2015 at 9:21 PM, Watson Ladd <watsonbladd@gmail.com> wrote: >> I'm afraid that by radically changing the record layer we may be >> working ourselves into a corner. If we're going to make a change this >> radical, why not make equally radical changes to simplify the protocol >> further if that's possible? I'm also not sure what we're supposed to >> be gaining from this change: while it's true that we don't need to >> send the explicit nonce, I don't know that we are losing anything from >> having it. Yes, I know the ChaCha draft does it a seemingly more >> sensible way, but the last thing we need is to further increase the >> codesize of TLS implementations. >> >> I do know that a recently implemented extension to FreeBSD won't work >> anymore without some changes. (see >> http://2015.asiabsdcon.org/timetable.html.en#P7A for an abstract) >> >> Sincerely, >> Watson Ladd > > > > -- > Colm -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [TLS] Pull Request: Removing the AEAD explicit IV Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Adam Langley
- Re: [TLS] Pull Request: Removing the AEAD explici… Michael StJohns
- Re: [TLS] Pull Request: Removing the AEAD explici… Yoav Nir
- Re: [TLS] Pull Request: Removing the AEAD explici… Michael StJohns
- Re: [TLS] Pull Request: Removing the AEAD explici… Michael StJohns
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Watson Ladd
- Re: [TLS] Pull Request: Removing the AEAD explici… Watson Ladd
- Re: [TLS] Pull Request: Removing the AEAD explici… Colm MacCárthaigh
- Re: [TLS] Pull Request: Removing the AEAD explici… Martin Thomson
- Re: [TLS] Pull Request: Removing the AEAD explici… Colm MacCárthaigh
- Re: [TLS] Pull Request: Removing the AEAD explici… Michael StJohns
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Brian Smith
- Re: [TLS] Pull Request: Removing the AEAD explici… Watson Ladd
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Watson Ladd
- Re: [TLS] Pull Request: Removing the AEAD explici… Ilari Liusvaara
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Watson Ladd
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Ilari Liusvaara
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Brian Smith
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Brian Smith
- Re: [TLS] Pull Request: Removing the AEAD explici… Ilari Liusvaara
- Re: [TLS] Pull Request: Removing the AEAD explici… Adam Langley
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Ilari Liusvaara
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Adam Langley
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Brian Smith
- Re: [TLS] Pull Request: Removing the AEAD explici… Eric Rescorla
- Re: [TLS] Pull Request: Removing the AEAD explici… Martin Thomson