IETF Logo Mail Archive

Re: [MLS] Substitute AES-128-GCM with AES-256-GCM for TreeKEM

"Salz, Rich" <rsalz@akamai.com> Thu, 20 September 2018 12:07 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4F96130E9A for <mls@ietfa.amsl.com>; Thu, 20 Sep 2018 05:07:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzyCljsWgR7a for <mls@ietfa.amsl.com>; Thu, 20 Sep 2018 05:07:19 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51029130DE2 for <mls@ietf.org>; Thu, 20 Sep 2018 05:07:19 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w8KC73Nh021988; Thu, 20 Sep 2018 13:07:18 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=XXuh2uQU46zxb6ses/MKFA0YiSKFAluUIwMZE+tEHi4=; b=mq7/prHB9yEXlLbvRQTlaxWrQ8slDEU/faY3RU/Ym4bhb6ziYgDL2RKjXETZ1C16BElH Xe+Mf4KvKJc0b1HKQ7BPAspcLU3IzHvtCRZfYAOx9rFYzN/TtrCWdTvXiZnINsfSj56v ulhW+sy8Z/Vx7zjnIDsqVbNXKDD0AqfPoPl70m27P/d9J4UNHXdQFxa753czLdPuV0rc FtHrL1TOw7nFbA4CQ5oh+rt492mxAW6lupCwmGotPMqVfOnbBuqRaSezrxJzYGH/fKA6 FwBt65RfX7Glor4XDAjpEYHs/6U2OTstEyF8eXUPH33o5U3w5pLVDGGFaLsv7NFCTGsz Ug==
Received: from prod-mail-ppoint4 (a96-6-114-87.deploy.static.akamaitechnologies.com [96.6.114.87] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2mkske2hwb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Sep 2018 13:07:18 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w8KC4v0P000357; Thu, 20 Sep 2018 08:07:17 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint4.akamai.com with ESMTP id 2mgwdvsayp-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 20 Sep 2018 08:07:16 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Thu, 20 Sep 2018 08:06:57 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1365.000; Thu, 20 Sep 2018 08:06:57 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Richard Barnes <rlb@ipv.sx>
CC: Raphael Robert <raphael@wire.com>, "mls@ietf.org" <mls@ietf.org>
Thread-Topic: [MLS] Substitute AES-128-GCM with AES-256-GCM for TreeKEM
Thread-Index: AQHUUDygXlE2RNBLW0SuJXugYVQdcqT4K+EAgAEXsAD//82kAIAARPuA//++MYA=
Date: Thu, 20 Sep 2018 12:06:57 +0000
Message-ID: <ACCADDD9-3588-44B4-80C5-59D1E9F9BB10@akamai.com>
References: <7397E576-521F-4198-9232-C59530877E19@wire.com> <CAL02cgQb0BnPKQ015Uh5VOAsvSD6iXK4AE==Vyw9WXac0Th_kg@mail.gmail.com> <911130F4-8B46-45C9-A4A6-8359A950DD48@wire.com> <E91763CB-C647-4E83-BC01-0ECD22254F46@akamai.com> <CAL02cgQ1SiGCZ8VUV+V8Ak5Qt7WiDsXD_nzDs_Kbpvn-pNyNHw@mail.gmail.com>
In-Reply-To: <CAL02cgQ1SiGCZ8VUV+V8Ak5Qt7WiDsXD_nzDs_Kbpvn-pNyNHw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.11.0.180909
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.146]
Content-Type: multipart/alternative; boundary="_000_ACCADDD9358844B480C559D1E9F9BB10akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-09-20_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=737 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809200124
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-09-20_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=739 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809200124
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/6afcT8-u-n5thWv9MpqPX0LZy98>
Subject: Re: [MLS] Substitute AES-128-GCM with AES-256-GCM for TreeKEM
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2018 12:07:21 -0000

  *   The parts of a ciphersuite work together, so the idea is roughly that there's no point in adding one super strong link to the chain if the others are weak.

Well, there could be, but I get the point.

Is there a reason to think 128 is not strong enough?

v2.46.0 | Report a Bug | By Email | System Status