IETF Logo Mail Archive

Re: [TLS] KeyUpdate and unbounded write obligations

Keith Winstein <keithw@cs.stanford.edu> Thu, 18 August 2016 19:21 UTC

Return-Path: <winstein@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF8112D5DB for <tls@ietfa.amsl.com>; Thu, 18 Aug 2016 12:21:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HT0JibpAUEP3 for <tls@ietfa.amsl.com>; Thu, 18 Aug 2016 12:21:02 -0700 (PDT)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5545D12B01C for <tls@ietf.org>; Thu, 18 Aug 2016 12:21:02 -0700 (PDT)
Received: by mail-yw0-x233.google.com with SMTP id u134so348847ywg.3 for <tls@ietf.org>; Thu, 18 Aug 2016 12:21:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=4VLxHh6YqK/cFg32Uh6U3hfuaUZphgPmf6oV9FR07CA=; b=jskTMvrhJkWW2kyHSvTfuQ83M1jCI/wov55ju6Zy3ezS24Yiem3+RBd7RzD/pEjQbi 3713F6W+YYO8Ul+BOVL0e99rh8h04DO9vPez/cfhVoUSCYf5uNk7kp9jMI3P1GT3grl5 u64IWtKY+VznCyogqtcW2nCQJaPrHERAxMkx8wb5RwR6a2GD3DW1V3oj3PerrJNhG0s5 orLmbpncM4mvuTodJpTbSGz9j6VsI3u7VU5sCZ4eCrbST9FmjK4M2p85ijdKN2J1JumK FAiFkoIXwoembr7+tNQU98fQNExrITnoOMSYNBZK/F9nYlbI8spnfyF/3xolFdhmtd1X z1+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=4VLxHh6YqK/cFg32Uh6U3hfuaUZphgPmf6oV9FR07CA=; b=cE9GM4HB8m9aR5xmjCBnmsbAJYgL6IkOhbd+m1Vt7BC/BsQexA+p1FBQpU3960adYn lVuzuGrgqcwfJDafx6Av3xjbuIsM8qkoZ2ut40kDzaKtOqdtFHw2u595u4T60Bdjp37m Rmx5xOBNrqQIq6av2EG3B8ihvBln5yrPG3gmvRFqyTTuj1Yc1IpcdWDCgMH4JO3eJ9yN zjzI7HCnFxAPn761KDXNUs5fndYnhdJN+ydEOv5/Ls24g5a6QxDd6n+WRKWAyUjzMR7k Mszhd9wsjxfXoScwgk5tGD4G6ZG74xNLC7SvVNegQAfYNyixtPd5xoSD9Rx7VUAD6Kp/ dP2w==
X-Gm-Message-State: AEkoouuqs69Fjok+ZQWcgL7xc+43x/p6CYnTJsVsud2dCmhK2VqXZsOwZHExuLs/1joTzFGfBiG0+UgBeZPVxQ==
X-Received: by 10.129.52.68 with SMTP id b65mr3171155ywa.50.1471548061592; Thu, 18 Aug 2016 12:21:01 -0700 (PDT)
MIME-Version: 1.0
Sender: winstein@gmail.com
Received: by 10.129.79.209 with HTTP; Thu, 18 Aug 2016 12:20:21 -0700 (PDT)
In-Reply-To: <CAMfhd9UOOXLRmNjJogikQHa8QJx+HSLO-WuwJhgKKgAA-5TeBQ@mail.gmail.com>
References: <CAF8qwaDgGHGmuBwhZEz9-=Ss2bfzNAYWfmnbMqQDxTQnMUpH7g@mail.gmail.com> <93086b3c-ca1b-4c37-67e1-efbf417a8b58@akamai.com> <CAF8qwaDfWdCCQpD8z8iY0BMJjbrf8qi-qf5X7mSe8m+hNZu-FQ@mail.gmail.com> <CAMzhQmPB0GXZzh+g=-TMmAp9HQxpZUPcht4zi3_K7WW_ouGg6A@mail.gmail.com> <CAF8qwaC_NGmx4pW=HwsqWTnvZysFhXayHJ1wPVAakWHo7nunxA@mail.gmail.com> <CAMfhd9UOOXLRmNjJogikQHa8QJx+HSLO-WuwJhgKKgAA-5TeBQ@mail.gmail.com>
From: Keith Winstein <keithw@cs.stanford.edu>
Date: Thu, 18 Aug 2016 12:20:21 -0700
X-Google-Sender-Auth: wfue2neIa4VM5nZqwCuRGrj8WLM
Message-ID: <CAMzhQmOmOou6SvmZygJ6emfn2xAnU_jT7zb005fD4NRuOLmnPg@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lO7EEV9hYkBReFjhvpnyg5qR8jE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] KeyUpdate and unbounded write obligations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 19:21:04 -0000

Yes, you need current_receive_generation, or something like it, to get
P3. This is the subject of our PR #426/580.

-Keith

On Thu, Aug 18, 2016 at 12:10 PM, Adam Langley <agl@imperialviolet.org> wrote:
> On Thu, Aug 18, 2016 at 11:55 AM, David Benjamin <davidben@chromium.org>
> wrote:
>>
>> It seems desired_minimum_receive_generation can only be
>> current_receive_generation or current_receive_generation + 1. In that case,
>> a boolean should be sufficient and saves 7 bytes.
>
>
> Given that simplification, is there a purpose for
> current_receive_generation? It seems that scheme might be equal to a
> "please_echo" flag.
>
>
> Cheers
>
> AGL

v2.23.0 | Report a Bug | By Email