Re: [tcpinc] We need MTI symmetric algorithms too!

"Black, David" <David.Black@dell.com> Fri, 03 November 2017 17:56 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA37313FF0A for <tcpinc@ietfa.amsl.com>; Fri, 3 Nov 2017 10:56:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=T5q5pZcy; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=rD/UN1Y2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7TgxChXPDCkb for <tcpinc@ietfa.amsl.com>; Fri, 3 Nov 2017 10:56:30 -0700 (PDT)
Received: from esa3.dell-outbound.iphmx.com (esa3.dell-outbound.iphmx.com [68.232.153.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6620413FF17 for <tcpinc@ietf.org>; Fri, 3 Nov 2017 10:56:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1509731306; x=1541267306; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=Ja0ttIKB2mhXFzfsamBsCqy4lozWpGKw0WSDh/LIQn4=; b=T5q5pZcyXra7Ag6G4Bk/uSHLCRZMcGgmVJdF8n4DV8QD7kbOlXTxSoP5 JJthG2FnDNxs8Kj3unZgCpqaD3suDLxs3IiLVR63pVoNC7emuNZbtxyf0 s+YCBwkewP2VjOTBK56SIPPwO2/Y25r0b1wyzhuLo01NQD9/UlpA8Co5a 8=;
Received: from esa2.dell-outbound2.iphmx.com ([68.232.153.202]) by esa3.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Nov 2017 12:48:26 -0500
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa2.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Nov 2017 23:48:36 +0600
Received: from maildlpprd53.lss.emc.com (maildlpprd53.lss.emc.com [10.106.48.157]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id vA3HuS14019203 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <tcpinc@ietf.org>; Fri, 3 Nov 2017 13:56:29 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com vA3HuS14019203
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1509731789; bh=TxH3fEaGF73NMWJLRyCHpnjGeCM=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=rD/UN1Y2RPqxkXbcHbHKzczBjtxrACyqjOrMeDGlIDLMTxsQ1VU5wybMR+vy4R0aD MwvMZgO1L8ShxaYKQm0zA4ryxqvjp2eQRgke11ADxjBBUysI95SZvNVszbjfPQa+AH JfMoYhr6HzJ+mzHDfe3Gr88yoKD7Ksrap963CcFQ=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com vA3HuS14019203
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd53.lss.emc.com (RSA Interceptor) for <tcpinc@ietf.org>; Fri, 3 Nov 2017 13:56:14 -0400
Received: from MXHUB305.corp.emc.com (MXHUB305.corp.emc.com [10.146.3.31]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id vA3HuHUV007297 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL) for <tcpinc@ietf.org>; Fri, 3 Nov 2017 13:56:18 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB305.corp.emc.com ([10.146.3.31]) with mapi id 14.03.0352.000; Fri, 3 Nov 2017 13:56:17 -0400
To: tcpinc <tcpinc@ietf.org>
Thread-Topic: [tcpinc] We need MTI symmetric algorithms too!
Thread-Index: AQHTTPMclyI45LfEZE+GvEpT1bDkaaMC/63A
Date: Fri, 3 Nov 2017 17:56:16 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362FD2D66A@MX307CL04.corp.emc.com>
References: <20171024180818.GA82777@scs.stanford.edu>
In-Reply-To: <20171024180818.GA82777@scs.stanford.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.44.138]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/oVx3L27thKd8ep3vKzBF7sFKv4g>
Subject: Re: [tcpinc] We need MTI symmetric algorithms too!
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 17:56:34 -0000

The absence of comments has been taken as absence of objection, hence what Daniel proposed is what has been done.

See the just-posted version of the tcpcrypt draft for details.

Thanks, --David

> -----Original Message-----
> From: Tcpinc [mailto:tcpinc-bounces@ietf.org] On Behalf Of Daniel B Giffin
> Sent: Tuesday, October 24, 2017 2:08 PM
> To: tcpinc <tcpinc@ietf.org>
> Subject: [tcpinc] We need MTI symmetric algorithms too!
> 
> Somehow we overlooked this: the tcpcrypt document does not
> currently mandate that implementations support any
> particular symmetric (AEAD) algorithms.
> 
> We need to make something mandatory-to-implement, of course,
> in order to ensure that compliant implementations can talk
> to each other.
> 
> We propose this disposition for the three algorithms
> currently specified for tcpcrypt:
> 
>      MUST: AES128-GCM
>    SHOULD: AES256-GCM
>    SHOULD: CHACHA20_POLY1305
> 
> This is the arrangement TLS 1.3 uses as well.
> 
> Please comment as soon as possible if you have any concerns
> with this approach.
> 
> Thanks,
> daniel
> 
> _______________________________________________
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc