Re: [TLS] Call for WG adoption of draft-mattsson-tls-ecdhe-psk-aead
Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 26 April 2016 14:05 UTC
Message-ID: <1461679547.15804.53.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Sean Turner <sean@sn3rd.com>, tls <tls@ietf.org>
Date: Tue, 26 Apr 2016 16:05:47 +0200
In-Reply-To: <E7FC2BE3-0BEF-4F1C-A394-73A54701803E@sn3rd.com>
References: <E7FC2BE3-0BEF-4F1C-A394-73A54701803E@sn3rd.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4PZsc_Dy-aT299BYrlBKvZs0BOQ>
On Mon, 2016-04-25 at 08:17 -0700, Sean Turner wrote:
> All,
>
> draft-mattsson-tls-ecdhe-psk-aead includes some cipher suites that
> are needed for TLS1.3. We need to get these officially registered so
> the chairs would like to hear whether there is WG support for
> adopting draft-mattsson-tls-ecdhe-psk-aead. Please let us know
> whether you:

I support this draft. However, see comment below.

The text:

"For the AES-128 cipher suites, the TLS Pseudorandom Function (PRF) with SHA-256 as the hash function SHALL be used and Clients and Servers MUST NOT negotiate curves of less than 255 bits."

is very tricky. Implementations do not restrict ciphersuites based on curves (there is no such notion in TLS, nor is one mentioned in rfc4492), and I cannot even think what a TLS handshake implementation would look like if each different ciphersuite has specific curve requirements.

Note that this requirement is unlike the suiteB RFC (rfc6460), which also restricts the curves. SuiteB specifies a profile/set of parameters which include ciphersuites, while this draft only defines ciphersuite code points.

If a side goal of this draft is to deprecate the <255 bit elliptic curves from TLS 1.2, or to unify security levels across ciphersuites, then I'd recommend doing that in a separate RFC rather than bundling it into a code-point assignment RFC.

regards,
Nikos
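As an added illustration of the negotiation point raised in the post above (this is not code from the post, from the draft, or from any TLS implementation), the following Python models a TLS 1.2 server's choice of cipher suite and curve. Today the two choices come from separate lists, as in RFC 4492; the draft's rule would make the suite choice depend on the curves on offer, so the server may end up passing over its preferred suite or failing a handshake that both lists individually would have allowed. The suite names are assumed from the draft's naming pattern, the client and server lists are constructed, and the curve sizes are the standard NamedCurve bit lengths.

```python
# Added illustration for the discussion above; not code from any TLS stack.
# Suite names are assumed from the draft's naming pattern; the offered lists
# below are constructed, using the standard NamedCurve bit sizes.

CURVE_BITS = {
    "secp224r1": 224,
    "secp256r1": 256,
    "secp384r1": 384,
    "x25519": 255,
}

AES128_GCM = "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"
AES256_GCM = "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384"

# Per-suite minimum curve size implied by the draft text: AES-128 suites
# require curves of at least 255 bits; the AES-256 suite carries no such
# rule in the quoted sentence.
SUITE_MIN_CURVE_BITS = {AES128_GCM: 255, AES256_GCM: 0}


def select_independently(client_suites, client_curves, server_suites, server_curves):
    """RFC 4492-style negotiation as implemented today: the cipher suite and
    the curve are chosen from two separate lists, each in server preference
    order, with no link between the two choices."""
    suite = next((s for s in server_suites if s in client_suites), None)
    curve = next((c for c in server_curves if c in client_curves), None)
    if suite is None or curve is None:
        return None
    return suite, curve


def violates_draft_rule(suite, curve):
    """True when the (suite, curve) pair breaks the draft's MUST NOT."""
    return CURVE_BITS[curve] < SUITE_MIN_CURVE_BITS.get(suite, 0)


def select_curve_aware(client_suites, client_curves, server_suites, server_curves):
    """What the draft's rule would require instead: the suite choice now
    depends on which curves the peer offers, so the two negotiations nest
    and the server may have to pass over its preferred suite."""
    for suite in server_suites:
        if suite not in client_suites:
            continue
        for curve in server_curves:
            if curve in client_curves and not violates_draft_rule(suite, curve):
                return suite, curve
    return None


if __name__ == "__main__":
    server_suites = [AES128_GCM, AES256_GCM]
    server_curves = ["x25519", "secp256r1", "secp224r1"]

    # Constructed client that offers both suites but only a 224-bit curve.
    client_suites = [AES128_GCM, AES256_GCM]
    client_curves = ["secp224r1"]

    chosen = select_independently(client_suites, client_curves, server_suites, server_curves)
    print("independent:", chosen, "violates rule:", violates_draft_rule(*chosen))
    print("curve-aware:", select_curve_aware(client_suites, client_curves, server_suites, server_curves))

    # A client offering only the AES-128 suite and the 224-bit curve cannot
    # complete the handshake at all under the rule, although each list alone
    # has a match with the server.
    print("curve-aware, AES-128 only:",
          select_curve_aware([AES128_GCM], client_curves, server_suites, server_curves))
```

The point of the nested loop in `select_curve_aware` is that a per-suite curve requirement turns two independent selections into one joint one; real stacks that track suite and group preference separately would need that coupling added to their handshake state machine.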