Re: [TLS] Suite B compliance of TLS 1.2

Brian Minard <bminard@certicom.com> Wed, 26 July 2006 18:47 UTC

Date: Wed, 26 Jul 2006 14:46:48 -0400
From: Brian Minard <bminard@certicom.com>
To: tls@ietf.org
Subject: Re: [TLS] Suite B compliance of TLS 1.2
Message-ID: <20060726184648.GE14789@certicom.com>

On Tue, Jul 25, 2006 at 09:32:28PM -0700, Eric Rescorla wrote:

> Wan-Teh Chang <wtchang@redhat.com> writes:
>
> > - define cipher suites whose MAC algorithm is Suite B
> > compliant. Since Suite B doesn't include any MAC algorithms
> > and the recent collision attack on SHA-1 doesn't extend to
> > HMAC-SHA-1, this goal may be controversial.
>
> I'm not that familiar with Suite B, but if, as you say,
> it doesn't include a MAC algorithm, I'm not sure what you're
> suggesting for message integrity.

I don't entirely understand these statements. Is there a reason
why new cipher suites supporting SHA-256, -384, or -512, couldn't
be defined using the existing HMAC? 

Why doesn't this solve the message integrity issue?
