Re: [TLS] About TLS 1.2 AEAD ciphers definition
Joshua Davies <joshua.davies@travelocity.com> Thu, 27 May 2010 17:14 UTC
Return-Path: <Joshua.Davies@travelocity.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 426FA3A688C for <tls@core3.amsl.com>; Thu, 27 May 2010 10:14:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.998
X-Spam-Level:
X-Spam-Status: No, score=-103.998 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yeG9HKJnNu6n for <tls@core3.amsl.com>; Thu, 27 May 2010 10:14:26 -0700 (PDT)
Received: from sgtulmg01-out.sabre.com (sgtulmg01-out.sabre.com [151.193.220.17]) by core3.amsl.com (Postfix) with ESMTP id 1E4E43A6B55 for <tls@ietf.org>; Thu, 27 May 2010 10:14:24 -0700 (PDT)
X-ExtLoop1: From 10.12.64.16
X-IronPort-AV: E=Sophos; i="4.53,312,1272862800"; d="scan'208,217"; a="707007188"
Received: from unknown (HELO sghdqbh01.Global.ad.sabre.com) ([10.12.64.16]) by sgtulmg01-out.sabre.com with ESMTP; 27 May 2010 12:14:13 -0500
Received: from sgtulmsp06.Global.ad.sabre.com ([10.12.64.145]) by sghdqbh01.Global.ad.sabre.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 27 May 2010 12:14:13 -0500
Received: from localhost.localdomain ([10.16.53.33]) by sgtulmsp06.Global.ad.sabre.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 27 May 2010 12:14:13 -0500
Message-ID: <4BFEA808.3030704@travelocity.com>
Date: Thu, 27 May 2010 12:12:40 -0500
From: Joshua Davies <joshua.davies@travelocity.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100317 Lightning/1.0b1 Thunderbird/3.0.4
MIME-Version: 1.0
To: tls@ietf.org
References: <4BFE8FC5.4070509@iki.fi> <AANLkTilTmkQh6RzCX50L35Jt2IkQq8mzylIkQbnDY7gS@mail.gmail.com> <0CB6D965-5252-4112-A933-D3F390EB0F9A@iki.fi>
In-Reply-To: <0CB6D965-5252-4112-A933-D3F390EB0F9A@iki.fi>
Content-Type: multipart/alternative; boundary="------------040708000004050008060400"
X-OriginalArrivalTime: 27 May 2010 17:14:13.0159 (UTC) FILETIME=[074E2370:01CAFDC0]
Subject: Re: [TLS] About TLS 1.2 AEAD ciphers definition
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2010 17:14:32 -0000
On 05/27/2010 11:42 AM, Juho Vähä-Herttua wrote: > On 27.5.2010, at 19.04, Adam Langley wrote: > >> On Thu, May 27, 2010 at 11:29 AM, Juho Vähä-Herttua<juhovh@iki.fi> wrote: >> >>> So I'm curious to know how is AEAD actually handled and how to find out the >>> TLSCompressed.length when constructing additional_data for AEAD-Decrypt? I'm >>> sure there are more experienced people here who can tell me the answer. >>> Thank you in advance. >>> >> I believe that none of the currently defined AEAD ciphers introduce >> padding, so it's pretty easy for the moment. >> > The only currently defined AEAD ciphers seem to be AES_128_GCM and AES_256_GCM defined by RFC 5288. I'm a bit surprised that AES encryption doesn't introduce padding though, it might be just me misunderstanding the GCM process but I thought it still needs to pad the input data to match the block size, doesn't it? The TLSv1 explicit padding of CBC ciphers is not present in the AEAD ciphers at all. RFC 5288 doesn't define any kind of padding either, which makes me wonder how it is actually implemented... > Aren't all AEAD ciphers derivatives of "COUNTER" mode? My understanding of "COUNTER" mode was that it flipped the initialization vector around (encrypted the IV rather than the input block) so that no padding was ever necessary. <http://twiki.dev.sabre.com/twiki/bin/view/Travelocity/TVLYArchitecture>
- [TLS] About TLS 1.2 AEAD ciphers definition Juho Vähä-Herttua
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Adam Langley
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Juho Vähä-Herttua
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Adam Langley
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Joshua Davies
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Martin Rex
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Juho Vähä-Herttua
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Michael Gray
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Rob P Williams
- Re: [TLS] About TLS 1.2 AEAD ciphers definition Russ Housley