Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id A861D12017F
 for <quic-issues@ietfa.amsl.com>; Fri, 17 May 2019 05:42:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level: 
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001,
 MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001,
 SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
 header.d=github.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id kA1w-sVX577O for <quic-issues@ietfa.amsl.com>;
 Fri, 17 May 2019 05:42:53 -0700 (PDT)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id B8BE012004F
 for <quic-issues@ietf.org>; Fri, 17 May 2019 05:42:53 -0700 (PDT)
Date: Fri, 17 May 2019 05:42:52 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com;
 s=pf2014; t=1558096972;
 bh=lepGIItIp38QbA8hIVLYav979Cmp2OwbsTlNft3awuA=;
 h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID:
 List-Archive:List-Post:List-Unsubscribe:From;
 b=qzMEWoxpwwL4rDxxkfkjC/XJvXFOl1Tjo6xFdVBWJ0jbpkcXP1txcLKNCWM6gP6Jl
 +i7qq8H5f8ymLmbXU5AflK7VFK+fPt7uzQmlwjq4Pnfp0463DAR5g+9fMyUk3N3Q2j
 IgNYL+0xb/JeDQ+cdTe28u8N1CmOr370X8ap3lbU=
From: ekr <notifications@github.com>
Reply-To: quicwg/base-drafts
 <reply+AFTOJK6WKDJWT3FWSVCGYUF25PPMZEVBNHHBTAQI4Y@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2581/493439412@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2581@github.com>
References: <quicwg/base-drafts/issues/2581@github.com>
Subject: Re: [quicwg/base-drafts] Bring back AEAD_AES_128_CCM_8 now that we
 pad the plaintext (#2581)
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5cdeac4c7d59f_73ea3fc7082cd96811251fd";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/5lrLRmnxQS64r4p0tF-1-Ni7Ies>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG
 <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>,
 <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>,
 <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 May 2019 12:42:56 -0000


----==_mimepart_5cdeac4c7d59f_73ea3fc7082cd96811251fd
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@DavidSchinazi this doesn't seem like a very persuasive analogy, given that HTTP/2 has a long list of rules about disabling ciphers that were present in TLS 1.2:

https://tools.ietf.org/rfcmarkup?doc=7540#section-9.2.2

The reason that it doesn't have that in TLS 1.3 is because (1) TLS 1.3 post-dates HTTP/2 and (2) the suites were chosen according to the same principles

Second, as a practical matter, most browsers do not support CCM_8, and I suspect that will continue to be true for most stacks, partly because performance is not awesome (as it requires computing CBC). If, as @RyanAtGoogle implies, we want to have a cipher with a shorter authentication tag (I'm undecided on this topic myself at present) for general use then we should consult CFRG for one, rather than just use the one that happened to be the one that IoT devices supported.




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2581#issuecomment-493439412
----==_mimepart_5cdeac4c7d59f_73ea3fc7082cd96811251fd
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a class="user-mention" data-hovercard-type="user" data-hovercard-url="/hovercards?user_id=5599133" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/DavidSchinazi">@DavidSchinazi</a> this doesn't seem like a very persuasive analogy, given that HTTP/2 has a long list of rules about disabling ciphers that were present in TLS 1.2:</p>
<p><a href="https://tools.ietf.org/rfcmarkup?doc=7540#section-9.2.2" rel="nofollow">https://tools.ietf.org/rfcmarkup?doc=7540#section-9.2.2</a></p>
<p>The reason that it doesn't have that in TLS 1.3 is because (1) TLS 1.3 post-dates HTTP/2 and (2) the suites were chosen according to the same principles</p>
<p>Second, as a practical matter, most browsers do not support CCM_8, and I suspect that will continue to be true for most stacks, partly because performance is not awesome (as it requires computing CBC). If, as <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/hovercards?user_id=19561162" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/RyanAtGoogle">@RyanAtGoogle</a> implies, we want to have a cipher with a shorter authentication tag (I'm undecided on this topic myself at present) for general use then we should consult CFRG for one, rather than just use the one that happened to be the one that IoT devices supported.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/quicwg/base-drafts/issues/2581?email_source=notifications&amp;email_token=AFTOJKYONZ4MFZYBE24H5ELPV2R4ZA5CNFSM4HC3I4QKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVUUTNA#issuecomment-493439412">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AFTOJK7LOF5UXON7DS5MN43PV2R4ZANCNFSM4HC3I4QA">mute the thread</a>.<img src="https://github.com/notifications/beacon/AFTOJK4SBJFKYKB4W7OWSXLPV2R4ZA5CNFSM4HC3I4QKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVUUTNA.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/quicwg/base-drafts/issues/2581?email_source=notifications\u0026email_token=AFTOJKYONZ4MFZYBE24H5ELPV2R4ZA5CNFSM4HC3I4QKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVUUTNA#issuecomment-493439412",
"url": "https://github.com/quicwg/base-drafts/issues/2581?email_source=notifications\u0026email_token=AFTOJKYONZ4MFZYBE24H5ELPV2R4ZA5CNFSM4HC3I4QKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVUUTNA#issuecomment-493439412",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>
----==_mimepart_5cdeac4c7d59f_73ea3fc7082cd96811251fd--