Re: [TLS] Comments on

Wan-Teh Chang <wtc@google.com> Thu, 13 February 2014 18:25 UTC

In-Reply-To: <nnha83nwy9.fsf@bacon.lysator.liu.se>
References: <nnha83nwy9.fsf@bacon.lysator.liu.se>
Date: Thu, 13 Feb 2014 10:25:48 -0800
Message-ID: <CALTJjxH5NyfEFc+gQUDLW+=mbeupkHXvSGLj-pfoBZEMmyT_sw@mail.gmail.com>
From: Wan-Teh Chang <wtc@google.com>
To: Niels Möller <nisse@lysator.liu.se>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lYaIp62uZiYVWZiEcYxgekZNFVk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Comments on

Hi Niels,

Adams already answered all of your questions. I'll just provide some
additional info.

draft-agl-tls-chacha20poly1305 has been merged into
http://tools.ietf.org/html/draft-mavrogiannopoulos-chacha-tls-01. But
the specification of the ChaCha20-Poly1305 AEAD cipher suites did not
change.

On Thu, Feb 13, 2014 at 2:11 AM, Niels Möller <nisse@lysator.liu.se> wrote:
>
> 2. The input to the poly1305mac is defined as
>
>      ad | length(ad) | cryptotext | length(cryptotext)
>
>    As far as I understand, this is a bit redundant, since the second
>    length field is sufficient to make the encoding injective.

You are right. I suspect this may have been modeled after GCM. (GCM
may have used two lengths just to fill up a block for GHASH.)

draft-mcgrew-aead-aes-cbc-hmac-sha2-02 does it in the way you suggested:

  T = MAC(MAC_KEY, A || S || AL),

except that they use the length of the associated data (AL) instead.
(A is the associated data. S is the ciphertext.)

>    At least in my implementation, the length(ad) field causes some
>    additional complexity, so
>
>      ad | cryptotext | length(cryptotext)
>
>    would be preferable.

I'm also curious to know why. What about

    ad | cryptotext | length(ad)

?

Wan-Teh
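As an added example that is not part of the thread (and not code from either draft): the three MAC-input encodings discussed above, each paired with a parser that inverts it. Recovering (ad, ct) from the encoded bytes is exactly the injectivity property the MAC needs, and a fourth, length-free encoding shows the collision that any one of the three length fields prevents. The 64-bit little-endian length fields and the sample inputs are assumptions made here.

```python
import struct

def u64le(n):
    """64-bit little-endian length field (assumed, matching draft-agl)."""
    return struct.pack("<Q", n)

# --- the three encodings discussed in the thread ---
def enc_two_lengths(ad, ct):      # draft-agl: ad | len(ad) | ct | len(ct)
    return ad + u64le(len(ad)) + ct + u64le(len(ct))

def enc_ct_length(ad, ct):        # Niels' proposal: ad | ct | len(ct)
    return ad + ct + u64le(len(ct))

def enc_ad_length(ad, ct):        # Wan-Teh's question: ad | ct | len(ad)
    return ad + ct + u64le(len(ad))

def enc_no_length(ad, ct):        # no length at all: NOT injective
    return ad + ct

# --- parsers: inverting an encoding shows it is injective ---
def dec_ct_length(buf):
    (ct_len,) = struct.unpack("<Q", buf[-8:])
    body = buf[:-8]
    if ct_len > len(body):
        raise ValueError("length field exceeds input")
    return body[:len(body) - ct_len], body[len(body) - ct_len:]

def dec_ad_length(buf):
    (ad_len,) = struct.unpack("<Q", buf[-8:])
    body = buf[:-8]
    if ad_len > len(body):
        raise ValueError("length field exceeds input")
    return body[:ad_len], body[ad_len:]

def dec_two_lengths(buf):
    # The trailing len(ct) alone already splits the input; the inner
    # len(ad) is redundant and is only checked for consistency.
    ad_with_len, ct = dec_ct_length(buf)
    (ad_len,) = struct.unpack("<Q", ad_with_len[-8:])
    if ad_len != len(ad_with_len) - 8:
        raise ValueError("inner length field inconsistent")
    return ad_with_len[:-8], ct

def collides(enc, pair1, pair2):
    """True if two distinct (ad, ct) pairs map to the same MAC input."""
    return pair1 != pair2 and enc(*pair1) == enc(*pair2)

# Constructed sample inputs: same bytes, ad/ct boundary moved by one byte.
PAIR_A = (b"header-", b"ciphertext")
PAIR_B = (b"header", b"-ciphertext")
```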