Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 15 June 2010 06:26 UTC


Juho Vähä-Herttua <juhovh@iki.fi> writes:

>One of the biggest bottlenecks in TLS decryption performance I can see is
>the stream and CBC block ciphers requiring decryption before the MAC
>calculation can be initiated. Therefore, if the decryption and encryption
>performance is really important, I'd rather concentrate on getting the
>AES-GCM and AES-CCM ciphers into wider use in TLS.

Why not allow encrypt-then-MAC to be negotiated in an extension?  This is a
really trivial change to existing code (arguably it could have been done for
TLS 1.2, since that incompatibly changes lots of the other crypto as well),
and means it'd follow encrypt-then-MAC best practice for security.

Peter.
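The two record-layer orderings under discussion, as an added Python sketch that is not part of the thread: with MAC-then-encrypt (what TLS 1.2 does) the receiver has to run the cipher before it can check the MAC, which is the dependency Juho describes, while with encrypt-then-MAC the tag is verified over the ciphertext and a bad record is dropped without touching the cipher at all. The HMAC-based stream cipher, the keys and the record contents are constructed stand-ins (assumptions, not a TLS cipher suite); the MAC input layout of sequence number, type, version and length mirrors the TLS record MAC.

```python
import hmac, hashlib, os, struct

TAG_LEN, IV_LEN = 32, 16
STATS = {"decrypt_calls": 0}  # how often the receiver had to run the cipher

def xor_crypt(key, iv, data, receiving=False):
    # Constructed toy stream cipher (keystream = HMAC-SHA256(key, iv || counter)) standing in
    # for AES-CBC or RC4; not a TLS cipher, but the decrypt-before-MAC ordering issue is identical.
    STATS["decrypt_calls"] += int(receiving)
    ks = b"".join(hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def mac(mac_key, seq, body):
    # MAC input: seq_num || type || version || length || body, as in the TLS record layer
    hdr = struct.pack(">QBHH", seq, 23, 0x0303, len(body))
    return hmac.new(mac_key, hdr + body, hashlib.sha256).digest()
def mte_send(enc_key, mac_key, seq, pt):
    # MAC-then-encrypt (RFC 5246): MAC the plaintext, then encrypt plaintext || MAC
    iv = os.urandom(IV_LEN)
    return iv + xor_crypt(enc_key, iv, pt + mac(mac_key, seq, pt))
def mte_recv(enc_key, mac_key, seq, rec):
    # The MAC is inside the ciphertext, so the cipher must run before it can be checked
    pt_tag = xor_crypt(enc_key, rec[:IV_LEN], rec[IV_LEN:], receiving=True)
    pt, tag = pt_tag[:-TAG_LEN], pt_tag[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, seq, pt)):
        raise ValueError("bad_record_mac")
    return pt
def etm_send(enc_key, mac_key, seq, pt):
    # Encrypt-then-MAC: encrypt, then MAC over IV || ciphertext; tag appended in the clear
    iv = os.urandom(IV_LEN)
    ct = iv + xor_crypt(enc_key, iv, pt)
    return ct + mac(mac_key, seq, ct)
def etm_recv(enc_key, mac_key, seq, rec):
    # Verify on the ciphertext first; a forged or corrupted record never reaches the cipher
    ct, tag = rec[:-TAG_LEN], rec[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, seq, ct)):
        raise ValueError("bad_record_mac")
    return xor_crypt(enc_key, ct[:IV_LEN], ct[IV_LEN:], receiving=True)
def decrypt_calls_on_tampered(send, recv):
    # Constructed demo: flip one ciphertext byte and count cipher runs spent rejecting the record
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    rec = bytearray(send(enc_key, mac_key, 7, b"GET / HTTP/1.1\r\n"))
    rec[IV_LEN + 3] ^= 0x01
    before = STATS["decrypt_calls"]
    try:
        recv(enc_key, mac_key, 7, bytes(rec))
    except ValueError:
        return STATS["decrypt_calls"] - before
```

`decrypt_calls_on_tampered` returns 1 for the MAC-then-encrypt pair and 0 for the encrypt-then-MAC pair: the same corrupted record costs a full decryption in the first case and only an HMAC in the second.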