Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

Benjamin Kaduk <kaduk@MIT.EDU> Fri, 17 April 2015 23:32 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D2531B30E9 for <kitten@ietfa.amsl.com>; Fri, 17 Apr 2015 16:32:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KV7Fz7lIiWys for <kitten@ietfa.amsl.com>; Fri, 17 Apr 2015 16:32:57 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B63561B30EA for <kitten@ietf.org>; Fri, 17 Apr 2015 16:32:57 -0700 (PDT)
X-AuditID: 1209190c-f792b6d000000d1f-6d-55319827d1d5
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 95.60.03359.82891355; Fri, 17 Apr 2015 19:32:56 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id t3HNWt67027223; Fri, 17 Apr 2015 19:32:55 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t3HNWpgS000353 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 17 Apr 2015 19:32:54 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id t3HNWo3J002915; Fri, 17 Apr 2015 19:32:50 -0400 (EDT)
Date: Fri, 17 Apr 2015 19:32:50 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <20150417215725.GL13041@localhost>
Message-ID: <alpine.GSO.1.10.1504171930300.22210@multics.mit.edu>
References: <alpine.GSO.1.10.1503301227280.22210@multics.mit.edu> <551D6C35.4080108@mit.edu> <alpine.GSO.1.10.1504081626110.22210@multics.mit.edu> <5525B044.8070509@mit.edu> <5526CDBA.3030102@secure-endpoints.com> <alpine.GSO.1.10.1504091823240.22210@multics.mit.edu> <55272D53.9020503@secure-endpoints.com> <alpine.GSO.1.10.1504171436450.22210@multics.mit.edu> <20150417215725.GL13041@localhost>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRmVeSWpSXmKPExsUixG6noqsxwzDUYOErToujm1exWJy6doTN gcnj5alzjB5LlvxkCmCK4rJJSc3JLEst0rdL4Mq4/bePteAQa8XXud3sDYw7WboYOTkkBEwk lk/Ywwhhi0lcuLeeDcQWEljMJLHriVUXIxeQvZFRYsPyzewQziEmiQ/b/jJBOA2MEsuPzgAb xSKgLXH39T92EJtNQEVi5puNYKNEBDQlrs9bCmYzCwhLrD83gxnEFhZwkZi1ZQVYPaeAvsTC 6T/AangFHCWOzm1hhljQxyxx9ugqsAWiAjoSq/dPYYEoEpQ4OfMJC8RQLYnl07exTGAUnIUk NQtJagEj0ypG2ZTcKt3cxMyc4tRk3eLkxLy81CJdQ73czBK91JTSTYygYOWU5NnB+Oag0iFG AQ5GJR7eA/EGoUKsiWXFlbmHGCU5mJREeX2mGoYK8SXlp1RmJBZnxBeV5qQWH2KU4GBWEuGd nguU401JrKxKLcqHSUlzsCiJ8276wRciJJCeWJKanZpakFoEk5Xh4FCS4FWaDtQoWJSanlqR lplTgpBm4uAEGc4DNFwUpIa3uCAxtzgzHSJ/ilGX486U/4uYhFjy8vNSpcR5GUCKBECKMkrz 4ObAkswrRnGgt4R5rUCqeIAJCm7SK6AlTEBLSncYgCwpSURISTUwrlmX2jp9tdOsx6wVa0+5 3Husafj/tMLvegllt/5tq/wTfYQP9hhXffHx1ksq/6SmP33yTfv0Y+sC704tuyAwO3XVh/ku R3xvb7yz4//Tx6lXdr/72bphjphg312nvb8vPiuyrvC8o621LC3H6eLbmt3fj58x1XLfXHsr MnH1DrkVm9fKhDwv2aXEUpyRaKjFXFScCAB6ZoLVDQMAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/b8lwu4Zt9qxDYyW13PswctT030A>
Cc: kitten@ietf.org
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2015 23:32:59 -0000

On Fri, 17 Apr 2015, Nico Williams wrote:

> We're definitely in shape to *add* enctypes now.  Interop issues from
> dealing with 3DES and RC4 have shaken out the sorts of bugs that would
> make adding new enctypes difficult.

Well, the enctype-selection logic should be in reasonable shape, but I
think some implementations will have some work to do for actually
generating and using these keys for service principals, since the KDC
ought not generate them without explicit signal from the service that its
implementation supports the new enctype.  I don't think everybody is in
good shape, there.

For tightly controlled environments, of course, there is no concern in
this space.

-Ben