Re: [TLS] Version in record MAC

Eric Rescorla <ekr@rtfm.com> Tue, 27 October 2015 15:57 UTC

In-Reply-To: <20151027150915.GA8140@LK-Perkele-V2.elisa-laajakaista.fi>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 27 Oct 2015 11:56:48 -0400
Message-ID: <CABcZeBMsass0MQT3cyE0Q9eq6eWUUtZ=wGNFavw5XKEqa=SkGA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/oVU_xV_B_u1YglOUKocWJGlvES8>
Cc: Adam Langley <agl@imperialviolet.org>, "David McGrew (mcgrew)" <mcgrew@cisco.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Version in record MAC

On Tue, Oct 27, 2015 at 11:09 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Tue, Oct 27, 2015 at 08:49:35AM -0400, Eric Rescorla wrote:
> > Thinking about this a little more:
> >
> > If we ever change the nonce construction to have an explicit nonce or
> > otherwise not depend on the RSN (e.g., something like SIV), we're going
> > to be sad if we don't have the RSN in the AD. Obviously, we'd also need
> > to change the text about the nonce construction, so it's not like you
> > could drop in a construction like this, but it would be slightly easier
> > to do if we already MACed the RSN.
> >
> > I'm not sure which side of the fence I'm on here. What do others think?
>
> AFAIK, the only case where this would be useful with RFC5116-compliant
> ciphers is the ciphers with N_MAX=0, i.e. no nonce. And such ciphers
> can't currently be used.

Yes, that's correct. But we could relax that restriction and make those work
if we wanted...

-Ekr

> -Ilari
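To make the trade-off in the thread concrete, here is an added Go example (not from this thread or from any TLS implementation) using AES-GCM: one mode derives the nonce from the record sequence number (RSN) the way TLS 1.3 does, the other carries an explicit nonce that does not depend on the RSN, with the RSN either left out of or appended to the additional data. Key, static IV and header bytes are constructed sample values; in the explicit-nonce mode the caller is assumed to supply a fresh nonce per record.

```go
package main

import "crypto/aes"
import "crypto/cipher"
import "encoding/binary"

// Constructed sample material for the demonstration; not real key material.
var (
	key = []byte("0123456789abcdef")                    // AES-128 key
	iv  = []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} // 12-byte static IV
	hdr = []byte{0x17, 0x03, 0x03, 0x00, 0x15}          // record header bytes used as AD
)

func gcm() cipher.AEAD {
	block, _ := aes.NewCipher(key) // 16-byte key, 12-byte nonce: neither call can fail
	g, _ := cipher.NewGCM(block)
	return g
}
// SeqNonce: TLS 1.3 (RFC 8446) per-record nonce, the 64-bit RSN left-padded to 12 bytes XORed with the static IV.
func SeqNonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	for i := range n {
		n[i] ^= iv[i]
	}
	return n
}

// adFor returns the record header as AD, with the RSN appended when macSeq is set.
func adFor(seq uint64, macSeq bool) []byte {
	out := append([]byte{}, hdr...)
	if macSeq {
		out = binary.BigEndian.AppendUint64(out, seq)
	}
	return out
}
// Seal protects one record; a nil nonce selects the RSN-derived nonce, any other value is an explicit nonce independent of the RSN.
func Seal(nonce []byte, seq uint64, pt []byte, macSeq bool) []byte {
	if nonce == nil {
		nonce = SeqNonce(seq)
	}
	return gcm().Seal(nil, nonce, pt, adFor(seq, macSeq))
}

// Open reports whether the record authenticates at receive position seq.
func Open(nonce []byte, seq uint64, ct []byte, macSeq bool) bool {
	if nonce == nil {
		nonce = SeqNonce(seq)
	}
	_, err := gcm().Open(nil, nonce, ct, adFor(seq, macSeq))
	return err == nil
}
```

With the RSN-derived nonce, a record presented at the wrong position fails to open even though the RSN is not in the AD; once the nonce no longer depends on the RSN, only MACing the RSN through the AD restores that check.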