Re: [TLS] Data volume limits
Eric Rescorla <ekr@rtfm.com> Mon, 28 December 2015 20:47 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 090101ACC8C for <tls@ietfa.amsl.com>; Mon, 28 Dec 2015 12:47:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7sKwrQkxPru1 for <tls@ietfa.amsl.com>; Mon, 28 Dec 2015 12:47:50 -0800 (PST)
Received: from mail-yk0-x22e.google.com (mail-yk0-x22e.google.com [IPv6:2607:f8b0:4002:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0E371AC444 for <tls@ietf.org>; Mon, 28 Dec 2015 12:47:49 -0800 (PST)
Received: by mail-yk0-x22e.google.com with SMTP id k129so91029497yke.0 for <tls@ietf.org>; Mon, 28 Dec 2015 12:47:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=lryks1V/ARxZftMBQAf5QM4Oz43UZpBQOV0ge4L0LLs=; b=xbPkdZ/Xu5ItIleb/3eqV852DPVRdam8LbVibndz9CWjhF38uBI/rs5X/VIkTx2145 B9ARTVOdU3RJcsOTCbXzCn3yl8QkDDgSk2qjwASzXJWieyC9aFzR7qxrq/GG0RmeUosi GgTkUrjxSqGkInjM44m7GYY71Nhc6FL7k31+jmnDrpNR3MvQYT23xkJgK/0qf8NXQVvR /WBlkaqZd60WxZMxhCJkdXfGrWLbOtmHqQ9W3CPRkvm5lalNInPrRzYuvcbIPYPcMSbd IznoM33ycHMyFDs/5a8V7/WE7+EuNzdNcpLMrbuq1OnArpwQcejbB67Znb9W1vaBwsCM DQ9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=lryks1V/ARxZftMBQAf5QM4Oz43UZpBQOV0ge4L0LLs=; b=flsr/0CiybaR8MeYelv3pjZZakr8PaZjRtACBceniCNEcfRsFda1LNQ5+lRMWqNmZF xEVU5V1QWE3AChRFU9wlnWbPvjk2AuBD8SQEqr3NQBjxyEtTkDw6By6e6TYGJPF9S1Pt 4eiCtEYMIsUZZNr0ZowZk0D6PongcwzycuwIv/PWvQtGhJz5hxCKd/9eK6KkMCgSXWcY LLrBblH+D8ondiZk1ae4cZ6fOD02OG9ktSowUwbM4spD7pTYRqRvokMXNjnymbqDcDIa yE0hl+vV77Z3jKwepLhiNWuwCcvyRgWTmQ/TrEHnq5INtN890D8zVKKS21syO12Xu8XW a7bA==
X-Gm-Message-State: ALoCoQnWJCk2xfWcP0/j+qrk2ZFAcBRxrMJxgf0YknHzSEGzG9ohaLrR1zTZZUxkPhVTy/TSVvQ4RhrdXONENd9rsvN2W51aHQ==
X-Received: by 10.129.153.3 with SMTP id q3mr47371634ywg.231.1451335668983; Mon, 28 Dec 2015 12:47:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.197 with HTTP; Mon, 28 Dec 2015 12:47:09 -0800 (PST)
In-Reply-To: <20151228204103.17780804.52985.42662@ll.mit.edu>
References: <20151228204103.17780804.52985.42662@ll.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 28 Dec 2015 15:47:09 -0500
Message-ID: <CABcZeBPf3AW4qWMw+eYgTOsifPUirAeONZ2BtTcyZk7wX+BDZw@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Content-Type: multipart/alternative; boundary="94eb2c0bbfae0014100527fb6baa"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/p5JWxPraty2m5FXelMjZycdAKAE>
Cc: Florian Weimer <fweimer@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Data volume limits
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2015 20:47:51 -0000
To be clear, the concern that we are trying to alleviate is encrypting too much plaintext with the same key (see the discussion by Watson at the beginning of this thread). For that purpose, I'm not following why we need to introduce new randomness (draft-11 doesn't do so, but just cranks the KDF forward). It's possible I've misunderstood something, though, so happy to be corrected. -Ekr On Mon, Dec 28, 2015 at 3:40 PM, Blumenthal, Uri - 0553 - MITLL < uri@ll.mit.edu> wrote: > Off-hand, key update or re-key without new/fresh randomness sounds weird. > > > Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. > *From: *Eric Rescorla > *Sent: *Monday, December 28, 2015 15:37 > *To: *Florian Weimer > *Cc: *tls@ietf.org > *Subject: *Re: [TLS] Data volume limits > > > > On Mon, Dec 28, 2015 at 3:33 PM, Florian Weimer <fweimer@redhat.com> > wrote: > >> On 12/28/2015 09:11 PM, Eric Rescorla wrote: >> >> >> You still have the added complexity that during rekey, you need to >> >> temporarily switch from mere sending or receiving to at least >> >> half-duplex interaction. >> >> >> > >> > That's not intended. Indeed, you need to be able to handle the old key >> > in order to send/receive the KeyUpdate. Can you elaborate on your >> concern? >> >> Ah, so you want to keep the current mechanism and not inject fresh >> randomness? Isn't this fairly risky? > > > Can you explain the risk you are concerned about in more detail? > > -Ekr > > > >
- Re: [TLS] Data volume limits Watson Ladd
- [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Dave Garrett
- Re: [TLS] Data volume limits Benjamin Beurdouche
- Re: [TLS] Data volume limits Scott Fluhrer (sfluhrer)
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Russ Housley
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Hanno Böck
- Re: [TLS] Data volume limits Scott Fluhrer (sfluhrer)
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Brian Smith
- Re: [TLS] Data volume limits Henrick Hellström
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Andrey Jivsov
- Re: [TLS] Data volume limits Scott Fluhrer (sfluhrer)
- Re: [TLS] Data volume limits Henrick Hellström
- Re: [TLS] Data volume limits Brian Smith
- Re: [TLS] Data volume limits Martin Thomson
- Re: [TLS] Data volume limits Martin Thomson
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Dave Garrett
- Re: [TLS] Data volume limits Stephen Farrell
- Re: [TLS] Data volume limits Dave Garrett
- Re: [TLS] Data volume limits Martin Thomson
- Re: [TLS] Data volume limits Bill Frantz
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Martin Thomson
- Re: [TLS] Data volume limits Dave Garrett
- Re: [TLS] Data volume limits Andrey Jivsov
- Re: [TLS] Data volume limits Ryan Carboni
- Re: [TLS] Data volume limits Paterson, Kenny
- Re: [TLS] Data volume limits Simon Josefsson
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Henrick Hellström
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Dang, Quynh
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Brian Smith
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Brian Smith
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Nikos Mavrogiannopoulos
- Re: [TLS] Data volume limits Yoav Nir
- Re: [TLS] Data volume limits Dang, Quynh
- Re: [TLS] Data volume limits Hubert Kario
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Florian Weimer
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Florian Weimer
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Ilari Liusvaara
- Re: [TLS] Data volume limits Salz, Rich
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Dang, Quynh
- Re: [TLS] Data volume limits Brian Smith
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Dave Garrett
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Data volume limits Aaron Zauner
- Re: [TLS] Data volume limits Aaron Zauner
- Re: [TLS] Data volume limits Ilari Liusvaara
- Re: [TLS] Data volume limits Samuel Neves
- Re: [TLS] Data volume limits Henrick Wibell Hellström
- Re: [TLS] Data volume limits Ilari Liusvaara
- Re: [TLS] Data volume limits Aaron Zauner
- Re: [TLS] Data volume limits sneves
- Re: [TLS] Data volume limits Aaron Zauner
- Re: [TLS] Data volume limits James Cloos
- Re: [TLS] Data volume limits Samuel Neves
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits Ilari Liusvaara
- Re: [TLS] Data volume limits James Cloos
- Re: [TLS] Data volume limits Watson Ladd
- Re: [TLS] Data volume limits Eric Rescorla
- Re: [TLS] Data volume limits James Cloos
- Re: [TLS] Data volume limits Hubert Kario
- Re: [TLS] Data volume limits Florian Weimer
- Re: [TLS] Data volume limits Florian Weimer
- Re: [TLS] Data volume limits Hubert Kario
- Re: [TLS] Data volume limits Florian Weimer
- Re: [TLS] Data volume limits Benjamin Kaduk
- Re: [TLS] Data volume limits Florian Weimer