Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 21 March 2016 06:20 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Harlan Lieberman-Berg <hlieberman@setec.io>, "mrex@sap.com" <mrex@sap.com>, Colm MacCárthaigh <colm@allcosts.net>
Date: Mon, 21 Mar 2016 06:20:41 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4C28389@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <CAAF6GDfsMivA_LiWK2xJgyhMTf8ygFo17MN+YkAnTN2-HV8Ryw@mail.gmail.com> <20160318170854.CB0801A471@ld9781.wdf.sap.corp> <9A043F3CF02CD34C8E74AC1594475C73F4C2687E@uxcn10-tdc05.UoA.auckland.ac.nz>, <87zitt2af9.fsf@setec.io>
In-Reply-To: <87zitt2af9.fsf@setec.io>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4aGoEwtFEpCbysPIESL2Rb7UWGw>
Cc: "tls@ietf.org" <tls@ietf.org>

Harlan Lieberman-Berg <hlieberman@setec.io> writes:

>Couldn't you say the same about CTR mode, or stream ciphers themselves?

Yep, the KSG ciphers are all equally bad, just RC4 in another form.
Microsoft, and the downstream users of its APIs, were so badly burned by this
over and over again that their build tools now flag any use of RC4 as a
security failure.

Peter.
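As an added illustration, not part of Peter's message or the thread, of what makes every keystream-generator (KSG) cipher "RC4 in another form": ciphertext is plaintext XOR keystream, so any keystream reuse under one key leaks the XOR of the two plaintexts regardless of how strong the core is, and the defence is to make reuse impossible rather than unlikely. SHA-256 in counter mode stands in for the AES-CTR/ChaCha20/RC4 core (an assumption made so the example runs offline); the sample key, nonces and messages are constructed.

```python
import hashlib
import struct
from itertools import count


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block_i = PRF(key || nonce || i).
    SHA-256 stands in for the cipher core; the structure is what matters."""
    out = bytearray()
    for i in count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + nonce + struct.pack(">Q", i)).digest()
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ksg_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: data XOR keystream."""
    return xor(data, keystream(key, nonce, len(data)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer gets from two ciphertexts that share a key and
    nonce: the keystream cancels, leaving p1 XOR p2 with no key involved."""
    return xor(c1, c2)


class NonceTrackingEncryptor:
    """Defensive wrapper: a nonce may be used at most once per key."""

    def __init__(self, key: bytes):
        self.key = key
        self.used: set[bytes] = set()

    def encrypt(self, nonce: bytes, data: bytes) -> bytes:
        if nonce in self.used:
            raise ValueError("nonce reuse under this key refused")
        self.used.add(nonce)
        return ksg_encrypt(self.key, nonce, data)


def demo() -> dict:
    """Constructed sample: two messages under the same (key, nonce)."""
    key, nonce = b"constructed-demo-key", b"\x00" * 8
    p1, p2 = b"transfer 100 USD", b"transfer 999 USD"
    c1, c2 = ksg_encrypt(key, nonce, p1), ksg_encrypt(key, nonce, p2)
    enc = NonceTrackingEncryptor(key)
    enc.encrypt(b"nonce-1", p1)
    try:
        enc.encrypt(b"nonce-1", p2)
        refused = False
    except ValueError:
        refused = True
    return {"leak_is_pt_xor": keystream_reuse_leak(c1, c2) == xor(p1, p2),
            "roundtrip": ksg_encrypt(key, nonce, c1) == p1,
            "reuse_refused": refused}
```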