RE: [TLS] Issue 56: AES as MTI
"Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com> Wed, 12 September 2007 23:44 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVbsH-0000gI-SA; Wed, 12 Sep 2007 19:44:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVbsG-0000gD-VP for tls@ietf.org; Wed, 12 Sep 2007 19:44:00 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IVbsF-0004PS-NY for tls@ietf.org; Wed, 12 Sep 2007 19:44:00 -0400
X-IronPort-AV: E=Sophos;i="4.20,246,1186383600"; d="scan'208";a="217082432"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 12 Sep 2007 16:43:59 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id l8CNhxnB004597; Wed, 12 Sep 2007 16:43:59 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l8CNhwat027798; Wed, 12 Sep 2007 23:43:58 GMT
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 12 Sep 2007 16:43:51 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Issue 56: AES as MTI
Date: Wed, 12 Sep 2007 16:43:57 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE5047D92E0@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <20070912232636.2B5FE33C21@delta.rtfm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Issue 56: AES as MTI
Thread-Index: Acf1lOMWkVBCdIqQRV+HNq83v1u3KgAAXqdg
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Eric Rescorla <ekr@networkresonance.com>, "Yee, Peter" <pyee@rsasecurity.com>
X-OriginalArrivalTime: 12 Sep 2007 23:43:51.0866 (UTC) FILETIME=[C5F8B9A0:01C7F596]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1204; t=1189640639; x=1190504639; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com> |Subject:=20RE=3A=20[TLS]=20Issue=2056=3A=20AES=20as=20MTI |Sender:=20; bh=L4cbrm2uvosPVZvkOAKfqw8VNNXt1pu3HRmCUogUvhA=; b=sOpWv674V9W9V17GdlNIPQv2PjGxwBnm3KTC+x9tvUnHKpnae2VRhdOfaTVicrkuaTzbVSCk 09AXQO6j+kUNQTwC8FlG2IOoWmAnprKJ+YVnb4Yt2lv5k2S/bqCvWt3+;
Authentication-Results: sj-dkim-3; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
I'm in favor of having AES as the MTI. I'd have to think a bit more about whether CBC or GCM is appropriate, but either should be fine. Initially, I was thinking AES-CBC, because of the reason Eric mentioned. Joe > -----Original Message----- > From: Eric Rescorla [mailto:ekr@networkresonance.com] > Sent: Wednesday, September 12, 2007 4:27 PM > To: Yee, Peter > Cc: tls@ietf.org > Subject: Re: [TLS] Issue 56: AES as MTI > > At Wed, 12 Sep 2007 19:27:17 -0400, > Yee, Peter wrote: > > > > Just AES in general or a specific key size and mode? I'd generally > > favor the move, although I recognize that AES will probably > be slower > > than RC4 so there will be those who would resist the move. Despite > > that, I'd be in favor of AES-GCM as MTI as it's a whole lot better > > than 3DES_EDE_CBC. > > The current algorithm is 3DES_EDE_CBC. I would imagine we > would use AES_128_CBC. It's a much easier substitution than > GCM and most TLS stacks already support AES-CBC. > > -Ekr > > _______________________________________________ > TLS mailing list > TLS@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- RE: [TLS] Issue 56: AES as MTI Joseph Salowey (jsalowey)
- Re: [TLS] Issue 56: AES as MTI Mike
- [TLS] Re: Issue 56: AES as MTI Simon Josefsson
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Mike
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Nicolas Williams