Re: [TLS] early IANA code point assignment request for draft-ietf-tls-ecdhe-psk-aead

Xiaoyin Liu <xiaoyin.l@outlook.com> Tue, 18 October 2016 16:23 UTC

From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: Sean Turner <sean@sn3rd.com>, Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 18 Oct 2016 16:22:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/31ZsLpWdskLus-G6L_KKXhAkbIc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] early IANA code point assignment request for draft-ietf-tls-ecdhe-psk-aead

Why does this draft normatively depend on TLS 1.3, even if the cipher suites defined in this draft use the old syntax, which TLS 1.3 no longer uses?



Best,

Xiaoyin

From: Sean Turner <sean@sn3rd.com>
Sent: Tuesday, October 18, 2016 9:19 AM
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: tls@ietf.org
Subject: Re: [TLS] early IANA code point assignment request for draft-ietf-tls-ecdhe-psk-aead



I think there might be consensus to ask for code points but not early.  This draft can’t really proceed any faster than the TLS1.3 and 4492bis drafts.

spt

> On Oct 17, 2016, at 12:03, Daniel Migault <daniel.migault@ericsson.com> wrote:
>
> Hi,
>
> I am not clear what the consensus is for the following points. Is there any consensus for requesting the following ones?
>
> BR,
> Daniel
>
> TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x01};
> TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x02};
> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = {0xTBD; 0xTBD} {0xD0,0x03};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA384 = {0xTBD; 0xTBD} {0xD0,0x04};
> TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x05};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x06};
>
>
>
> On Sun, Oct 9, 2016 at 7:11 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> I'm mainly just looking to economize on different configurations.
>
> On 9 October 2016 at 16:32, John Mattsson <john.mattsson@ericsson.com> wrote:
> > Hi Martin,
> >
> >
> > AES_256_CCM_8 was not in the first versions of the draft but added later
> > after request from IoT people (probably afraid of quantum computers).
> >
> >
> > While I think it makes very much sense to have short tags in wireless
> > radio, I do not know how large a need there is for AES-256 in IoT for
> > constrained devices, or how large the need would be to truncate the tag in
> > these cases.
> >
> >
> > My current understanding is that Grover’s algorithm may never be more
> > cost-effective than a cluster of classical computers, and that quantum
> > computers therefore likely do not affect the lifetime of AES-128.
> >
> >
> > I do not have any strong opinions regarding keeping AES_256_CCM_8 or not.
> > We should not give the impression that AES-256 is needed for practical
> > resistance to quantum computers anytime soon, it is however a requirement
> > for use by US government. Agree that AES_128_CCM_8 and AES_256_CCM seem
> > like the best choices in most cases.
> >
> >
> > Cheers,
> > John
> >
> >
> >
> > On 12/08/16 08:29, "TLS on behalf of Martin Thomson" <tls-bounces@ietf.org
> > on behalf of martin.thomson@gmail.com> wrote:
> >
> >>Looking at those emails, I am prompted to wonder if anyone can justify
> >>the existence of a ciphersuite with a double-sized key and half-sized
> >>authentication tag.  RFC 6655 doesn't really explain how that is a
> >>useful thing.
> >>
> >>On 10 August 2016 at 19:33, Nikos Mavrogiannopoulos <nmav@redhat.com>
> >>wrote:
> >>> On Tue, 2016-08-09 at 14:45 -0400, Sean Turner wrote:
> >>>> All,
> >>>>
> >>>> We've received a request for early IANA assignments for the 6 cipher
> >>>> suites listed in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/.
> >>>> Please respond before August 23rd if you have concerns
> >>>> about early code point assignment for these cipher suites.
> >>>
> >>> I have previously raised an issue [0] on these ciphersuites. The same
> >>> requirement was noted also by Peter Dettman as something special in
> >>> [1]. However, there has been no reaction from the authors (now in CC).
> >>>
> >>> regards,
> >>> Nikos
> >>>
> >>> [0]. https://mailarchive.ietf.org/arch/msg/tls/4PZsc_Dy-aT299BYrlBKvZs0BOQ
> >>> [1]. https://mailarchive.ietf.org/arch/msg/tls/onEkdgH30eZgWs8v5Rp-CUqCHds
> >>>
> >>> _______________________________________________
> >>> TLS mailing list
> >>> TLS@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/tls