Re: Review (Re: [TLS] I-D ACTION:draft-ietf-tls-ctr-00.txt)

David Hopwood <david.nospam.hopwood@blueyonder.co.uk> Tue, 11 April 2006 17:44 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FTMuV-0004CQ-Qj; Tue, 11 Apr 2006 13:44:15 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FTMuV-0004CL-07 for tls@ietf.org; Tue, 11 Apr 2006 13:44:15 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FTLI7-0007TV-24 for tls@ietf.org; Tue, 11 Apr 2006 12:00:31 -0400
Received: from smtp-out4.blueyonder.co.uk ([195.188.213.7]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1FTL8N-00087b-DE for tls@ietf.org; Tue, 11 Apr 2006 11:50:28 -0400
Received: from [172.23.170.143] (helo=anti-virus02-10) by smtp-out4.blueyonder.co.uk with smtp (Exim 4.52) id 1FTL8C-0000AR-CT for tls@ietf.org; Tue, 11 Apr 2006 16:50:16 +0100
Received: from 82-42-16-20.cable.ubr01.knor.blueyonder.co.uk ([82.42.16.20] helo=[127.0.0.1]) by asmtp-out5.blueyonder.co.uk with esmtp (Exim 4.52) id 1FTL88-0007c6-Pj for tls@ietf.org; Tue, 11 Apr 2006 16:50:12 +0100
Message-ID: <443BD036.6030808@blueyonder.co.uk>
Date: Tue, 11 Apr 2006 16:50:14 +0100
From: David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: Review (Re: [TLS] I-D ACTION:draft-ietf-tls-ctr-00.txt)
References: <E1FEEbS-0006vT-DQ@stiedprstage1.ietf.org> <6.2.5.6.2.20060303142705.051f7078@qualcomm.com> <20060320084527.GB30961@cs.stanford.edu>
In-Reply-To: <20060320084527.GB30961@cs.stanford.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: david.nospam.hopwood@blueyonder.co.uk
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

nagendra modadugu wrote:
>>On the block level counter, 3686 specifies a 32-bit counter citing
>>IPv6 Jumbograms' requirement.  SRTP makes a note that for multimedia
>>apps, that might be safely ignored.  Could you also make a similar
>>note in this document, or perhaps you might also want to support
>>jumbograms?  (Perhaps IPv6 historians might tell us whether there are
>>practical uses for jumbograms).
> 
> The limit on the counter here is to support a TLS record of 2^14 octets.

2^14 octets is the "maximum fragment length" (TLSPlaintext.length).
The maximum length of the input to encryption (TLSCompressed.length) is
is 2^14 + 1024 octets. See RFC2246[bis-13] sections 6.2.2 and 6.2.3.
Fragment length negotiation allow these limits to be decreased, but not
increased.

>From section 3.1.1 of the draft:

   Note that the block counter does not overflow since the maximum TLS/
   DTLS record size is 14 KB and 16 bits of blk_ctr allow the generation
   of 1MB of keying material per record.

The property needed is that 2^14 + 1024 octets <= (128/8) * 2^16 octets.
Also "KB" and "MB" should not be used in IETF documents; they are not
well-defined. So this paragraph should be:

   Note that the block counter does not overflow since the maximum
   size of input to the record payload protection layer in TLS or DTLS
   (TLSCompressed.length) is 2^14 + 1024 octets, and 16 bits of blk_ctr
   allow the generation of 2^20 octets (2^16 AES blocks) of keying
   material per record.

-- 
David Hopwood <david.nospam.hopwood@blueyonder.co.uk>



_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls