Re: [TLS] About TLS 1.2 AEAD ciphers definition

Adam Langley <> Thu, 27 May 2010 16:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6248D3A6B2B for <>; Thu, 27 May 2010 09:04:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.737
X-Spam-Status: No, score=0.737 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SrJNjB3Zm6uZ for <>; Thu, 27 May 2010 09:04:58 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 763B23A6B1A for <>; Thu, 27 May 2010 09:04:58 -0700 (PDT)
Received: by vws14 with SMTP id 14so100247vws.31 for <>; Thu, 27 May 2010 09:04:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=3qd7x8eb7+Fxo4mjOn2rAiLJwzxOB2bJTohIiXAAj18=; b=cRp+EBRO7ob4pJUE7ZvSQIa4LKsGLu9RykR3k7jQXNkOUpVLz+g8FJDPPjjLL8Lu5z 8vEdghSpyTe+BJ6/wXeYD3M2QGut4bbtbB+AqyD2nMExs+40NrRXTykbk+SJR1sMivN+ E3RHnOAFn+hjP1f2djSQGaVY6UQZ0HMiT4AV8=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=uA2KJfzlWtTxdqDQrStoh/eaBVXal+VusbqhNRWyQQtDMxFLcCee4mLqdhpv7Mp7Yk wW9ixQa3QJA81hopJ1OQIc4MJhi+8Vwh5S0nD92bALmI5M47Nrm+3qh4RakUmkK/K8k/ E/tdmxNt16vk9Cof8jAsI41dsRkS1OEp/gpaM=
MIME-Version: 1.0
Received: by with SMTP id z17mr7699730vcl.174.1274976285096; Thu, 27 May 2010 09:04:45 -0700 (PDT)
Received: by with HTTP; Thu, 27 May 2010 09:04:44 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Thu, 27 May 2010 12:04:44 -0400
X-Google-Sender-Auth: 8CD79I0peLnhPy0bcWL52kxDNbo
Message-ID: <>
From: Adam Langley <>
To: =?UTF-8?B?SnVobyBWw6Row6QtSGVydHR1YQ==?= <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [TLS] About TLS 1.2 AEAD ciphers definition
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 May 2010 16:04:59 -0000

On Thu, May 27, 2010 at 11:29 AM, Juho Vähä-Herttua <> wrote:
> So I'm curious to know how is AEAD actually handled and how to find out the
> TLSCompressed.length when constructing additional_data for AEAD-Decrypt? I'm
> sure there are more experienced people here who can tell me the answer.
> Thank you in advance.

I believe that none of the currently defined AEAD ciphers introduce
padding, so it's pretty easy for the moment.

The use of TLSCompressed.length mirrors the behaviour of the CBC mode.
I can imagine an AEAD cipher where it would be nicer if the additional
data covered the TLSCiphertext.length and may it should be changed,
although it's all a little nebulous when we don't have an actual
example of an AEAD cipher which needs it.


Adam Langley