Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 21 March 2016 06:20 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 748B612D675 for <tls@ietfa.amsl.com>; Sun, 20 Mar 2016 23:20:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blAgrkVWeKHP for <tls@ietfa.amsl.com>; Sun, 20 Mar 2016 23:20:44 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3575E12D603 for <tls@ietf.org>; Sun, 20 Mar 2016 23:20:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1458541244; x=1490077244; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=NsJpxd0ZSB/ZXBU2Izts/38AV3W07J/51q+7paX1cDM=; b=25zdx4V4PtttSKRAitEiIx8FOPgKgRPjAy/KHWiJvLn5I9HCV7M74yLu 9B4GPURYux9GV+U/5w3wBYmTnlhUCP8zFVHgSA4/Op3TeEZpG9RfoOJPa j2DU7QvC4FAM5rqCQSHS+wTFrgujqI7nKA8G069EPQEu3WJ7ZVxXQ1UZ4 gbJXm6VeFuwV2iIX4jOCdR7++HwHUWS9uJO3bIfUjWxf2LvJcZH+YTKs0 5r/LrdNJUC3c8iwJLgOwOjh8C28C/sxN4o7ph3aBtrKRzNH18s9+4OdOB ZsFxvruKhos/630ZebXTEXa8vMZfQ9aiDZp/DP9zstwPvFr56+j1tDh/r g==;
X-IronPort-AV: E=Sophos;i="5.24,370,1454929200"; d="scan'208";a="75523174"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([130.216.4.171]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 21 Mar 2016 19:20:43 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.241]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0266.001; Mon, 21 Mar 2016 19:20:42 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Harlan Lieberman-Berg <hlieberman@setec.io>, "mrex@sap.com" <mrex@sap.com>, Colm MacCárthaigh <colm@allcosts.net>
Thread-Topic: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?
Thread-Index: AQHRf6/SV1Ay+QdHmEWVtQKTdggsTJ9bixwAgAMNSQCAAUr1TIACB7IAgAGJD/o=
Date: Mon, 21 Mar 2016 06:20:41 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4C28389@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <CAAF6GDfsMivA_LiWK2xJgyhMTf8ygFo17MN+YkAnTN2-HV8Ryw@mail.gmail.com> <20160318170854.CB0801A471@ld9781.wdf.sap.corp> <9A043F3CF02CD34C8E74AC1594475C73F4C2687E@uxcn10-tdc05.UoA.auckland.ac.nz>, <87zitt2af9.fsf@setec.io>
In-Reply-To: <87zitt2af9.fsf@setec.io>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.6.3.2]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4aGoEwtFEpCbysPIESL2Rb7UWGw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 06:20:45 -0000
Harlan Lieberman-Berg <hlieberman@setec.io> writes: >Couldn't you say the same about CTR mode, or stream ciphers themselves? Yep, the KSG ciphers are all equally bad, just RC4 in another form. Microsoft, and the downstream users of its APIs, were do badly burned by this over and over again that their build tools now flag any use of RC4 as a security failure. Peter.
- [TLS] Are the AEAD cipher suites a security trade… Colm MacCárthaigh
- Re: [TLS] Are the AEAD cipher suites a security t… Tom Ritter
- Re: [TLS] Are the AEAD cipher suites a security t… Colm MacCárthaigh
- Re: [TLS] Are the AEAD cipher suites a security t… Alexandre Anzala-Yamajako
- Re: [TLS] Are the AEAD cipher suites a security t… Paterson, Kenny
- Re: [TLS] Are the AEAD cipher suites a security t… Adam Langley
- Re: [TLS] Are the AEAD cipher suites a security t… Colm MacCárthaigh
- Re: [TLS] Are the AEAD cipher suites a security t… Colm MacCárthaigh
- Re: [TLS] Are the AEAD cipher suites a security t… Colm MacCárthaigh
- Re: [TLS] Are the AEAD cipher suites a security t… Salz, Rich
- Re: [TLS] Are the AEAD cipher suites a security t… Benjamin Beurdouche
- Re: [TLS] Are the AEAD cipher suites a security t… Martin Rex
- Re: [TLS] Are the AEAD cipher suites a security t… Martin Rex
- Re: [TLS] Are the AEAD cipher suites a security t… Peter Gutmann
- Re: [TLS] Are the AEAD cipher suites a security t… Harlan Lieberman-Berg
- Re: [TLS] Are the AEAD cipher suites a security t… Eric Rescorla
- Re: [TLS] Are the AEAD cipher suites a security t… Peter Gutmann