Re: [TLS] Data volume limits

2015-12-17 Thread Nikos Mavrogiannopoulos
On Wed, 2015-12-16 at 09:57 -1000, Brian Smith wrote: > Therefore, I think we shouldn't add the rekeying mechanism as it is > unnecessary and it adds too much complexity. Any arbitrary limit for a TLS connection is almost guaranteed to cause problems in the future. We cannot predict whether 2^x

Re: [TLS] Kathleen Moriarty's Yes on draft-ietf-tls-cached-info-20: (with COMMENT)

2015-12-17 Thread Stephen Farrell
On 17/12/15 14:58, Kathleen Moriarty wrote: > Kathleen Moriarty has entered the following ballot position for > draft-ietf-tls-cached-info-20: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this

Re: [TLS] Explicit use of client and server random values

2015-12-17 Thread Hugo Krawczyk
I have mentioned this in private conversations but let me say this here: I would prefer that the nonces be explicitly concatenated to the handshake hash. That is, handshake_hash = Hash( client random|| server random

Re: [TLS] Explicit use of client and server random values

2015-12-17 Thread Eric Rescorla
On Thu, Dec 17, 2015 at 3:02 PM, Hugo Krawczyk wrote: > I have mentioned this in private conversations but let me say this here: I > would prefer that the nonces be explicitly concatenated to the handshake > hash. That is, > > handshake_hash = Hash( > >

[TLS] Poly1305 vs GCM

2015-12-17 Thread James Cloos
Given the issues w/ gcm currently under discussion, and that poly1305 was originally proposed to use w/ aes, should tls recommend aes-poly1305 instead of aes-gcm for those who want to continue to use aes? Or does chacha-poly1305 not fall victim to the 2^36 attack not because of the aead but

Re: [TLS] [tls13-spec] resetting the sequence number to zero for each record key. (#379)

2015-12-17 Thread Cedric Fournet
As explained below, we propose that the record-layer sequence numbers be reset to 0 whenever new keys are installed (as in TLS 1.2): https://github.com/tlswg/tls13-spec/pull/379 Cédric Fournet, on behalf of the miTLS team. While working on a formal model of the TLS 1.3 record layer, I bumped

Re: [TLS] Poly1305 vs GCM

2015-12-17 Thread Ilari Liusvaara
On Thu, Dec 17, 2015 at 02:14:18PM -0500, James Cloos wrote: > Given the issues w/ gcm currently under discussion, and that poly1305 > was originally proposed to use w/ aes, should tls recommend aes-poly1305 > instead of aes-gcm for those who want to continue to use aes? > > Or does

Re: [TLS] Explicit use of client and server random values

2015-12-17 Thread Mike Hamburg
> On Dec 17, 2015, at 12:11 PM, Eric Rescorla wrote: > > > > On Thu, Dec 17, 2015 at 3:02 PM, Hugo Krawczyk > wrote: > I have mentioned this in private conversations but let me say this here: I > would prefer that the

Re: [TLS] Data volume limits

2015-12-17 Thread Yoav Nir
> On 17 Dec 2015, at 10:19 AM, Nikos Mavrogiannopoulos wrote: > > On Wed, 2015-12-16 at 09:57 -1000, Brian Smith wrote: > >> Therefore, I think we shouldn't add the rekeying mechanism as it is >> unnecessary and it adds too much complexity. > > Any arbitrary limit for a TLS

Re: [TLS] Explicit use of client and server random values

2015-12-17 Thread Salz, Rich
> Does anyone else object or feel it makes analysis harder? :) Oh yeah, like anyone's gonna disagree with Hugo that this makes the analysis harder :) Paging Watson ... :) -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz

Re: [TLS] Kathleen Moriarty's Yes on draft-ietf-tls-cached-info-20: (with COMMENT)

2015-12-17 Thread Kathleen Moriarty
On Thu, Dec 17, 2015 at 10:09 AM, Stephen Farrell wrote: > > > On 17/12/15 14:58, Kathleen Moriarty wrote: >> Kathleen Moriarty has entered the following ballot position for >> draft-ietf-tls-cached-info-20: Yes >> >> When responding, please keep the subject line intact

[TLS] Kathleen Moriarty's Yes on draft-ietf-tls-cached-info-20: (with COMMENT)

2015-12-17 Thread Kathleen Moriarty
Kathleen Moriarty has entered the following ballot position for draft-ietf-tls-cached-info-20: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

[TLS] Ben Campbell's No Objection on draft-ietf-tls-cached-info-20: (with COMMENT)

2015-12-17 Thread Ben Campbell
Ben Campbell has entered the following ballot position for draft-ietf-tls-cached-info-20: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to