Re: [TLS] Exporter output size

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 05 October 2016 17:35 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58A8E129717 for <tls@ietfa.amsl.com>; Wed, 5 Oct 2016 10:35:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZtfsdTv5klO for <tls@ietfa.amsl.com>; Wed, 5 Oct 2016 10:35:33 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0119.outbound.protection.outlook.com [104.47.32.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17FAB1293DC for <tls@ietf.org>; Wed, 5 Oct 2016 10:35:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qdkHF1wuUZKDViBuNJp2KigfMDMgBVeLrU1AvOn8rgc=; b=kM3RgUAFneQ2i0Hp0s+5Nh8SNBQiBEkBuchRlG57ia9pUepXXoct1gez1taZ3i/6s5byGtXg1DINIvC2kwzdKnPIvnE4EuOVauoUl6zhzG6z7pIT+TPmcK8iThzqqhOpScGWOBrKANdDyoTUi1L0+PVLlmx9C2vtRgjnq1Il+5U=
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com (10.160.163.148) by CY1PR0301MB0842.namprd03.prod.outlook.com (10.160.163.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.649.16; Wed, 5 Oct 2016 17:35:31 +0000
Received: from CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) by CY1PR0301MB0842.namprd03.prod.outlook.com ([10.160.163.148]) with mapi id 15.01.0649.021; Wed, 5 Oct 2016 17:35:31 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [TLS] Exporter output size
Thread-Index: AQHSHqhd5Z8e+0GkCUmnlUJ4uTWLHaCZOXwAgADlPrA=
Date: Wed, 5 Oct 2016 17:35:31 +0000
Message-ID: <CY1PR0301MB08422FB26D2F18372A4451C68CC40@CY1PR0301MB0842.namprd03.prod.outlook.com>
References: <CABkgnnVc2uegQX1zdFamBtkDfzw9k3aBx6xFbNH4PpgWScALew@mail.gmail.com> <CABcZeBMLbDv2oOu-GFdmm2cYNbNsrocnZ5KdW4D5HBbXdAEK1g@mail.gmail.com>
In-Reply-To: <CABcZeBMLbDv2oOu-GFdmm2cYNbNsrocnZ5KdW4D5HBbXdAEK1g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:a::1d2]
x-ms-office365-filtering-correlation-id: 9540558e-3447-4abd-455e-08d3ed460182
x-microsoft-exchange-diagnostics: 1; CY1PR0301MB0842; 7:1sqZJHw4esX3GiO+mmjTWLUOGotHPJL1LfLyQ/xtNUscmz1P7NMYhsJXsTYIMlJBZ8tSWhTYw4nB4lQoFX/A70vJgvqN1p1aDWxukqZmmZIs06WOxEUKswOHuUsURkTxM8QPi/FehRDEHH/H4Ixn80dvmj5Kz/q8Swmlgd0QN3h4nudYXJHc0ll3kRxkrS6yUgeCx6m9ZMD98kGzP1Nw0rdRylIrdatW+owFzkPGL9AlV0dF6tgnURIskl0ZaK3pnwjBTmgkmcDp04g3OcVMyRQuz3RgAEOlifCApvHYMPtXP81QGrbffvt4LmLN7gUpjB3qM6Ks7Z0ui4Pexa5Z+g==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB0842;
x-microsoft-antispam-prvs: <CY1PR0301MB084206E13CC5069F6FC15AD78CC40@CY1PR0301MB0842.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(61426038)(61427038); SRVR:CY1PR0301MB0842; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0842;
x-forefront-prvs: 008663486A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(7916002)(377454003)(199003)(189002)(24454002)(2900100001)(86362001)(7906003)(106356001)(99286002)(106116001)(7736002)(7846002)(86612001)(74316002)(4326007)(790700001)(105586002)(586003)(15975445007)(2906002)(8990500004)(6116002)(3660700001)(19580405001)(102836003)(87936001)(19609705001)(189998001)(19617315012)(122556002)(10290500002)(77096005)(19580395003)(8676002)(92566002)(5005710100001)(54356999)(68736007)(10400500002)(5002640100001)(2950100002)(11100500001)(3280700002)(101416001)(9686002)(5001770100001)(8936002)(97736004)(10090500001)(81156014)(76176999)(33656002)(19300405004)(16236675004)(76576001)(81166006)(19625215002)(50986999)(5660300001)(7696004)(3826002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0842; H:CY1PR0301MB0842.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR0301MB08422FB26D2F18372A4451C68CC40CY1PR0301MB0842_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2016 17:35:31.5678 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0842
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sXEFA77QloHPoAzJ_20aSd_kGUc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Exporter output size
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 17:35:35 -0000

Also, it would be difficult to remove existing functionality, and get the callers to update. E.g. deprecation of TLS_UNIQUE is not going easy for apps/protocols.

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Tuesday, October 4, 2016 8:49 PM
To: Martin Thomson <martin.thomson@gmail.com>;
Cc: tls@ietf.org
Subject: Re: [TLS] Exporter output size

On Tue, Oct 4, 2016 at 6:32 PM, Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> wrote:
After a bunch of discussion about the consequences of having
insufficient output from various stages of the hash functions... Could
we make an amendment to TLS 1.3 to force the output size of the
exporter to be the size of the underlying hash output?  That is,
remove the length parameter.  Or is a change to the API too
disruptive?

I don't think this is a good idea. There are plenty of reasons why you would want to
export values != hash_len (e.g., cryptographic keys). Putting a restriction here just
pushes the problem around

-Ekr


_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls