Re: [TLS] Inclusion of OCB mode in TLS 1.3

Nico Williams <nico@cryptonector.com> Wed, 21 January 2015 16:40 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/6qTSC9VSJ5GdVb8AIv1jQ2mTgEs>

On Wed, Jan 21, 2015 at 04:28:07PM +0000, Salz, Rich wrote:
> > If you don't need to support them all, what's the cost (assuming
> > they are all secure)?
> 
> That's a pretty weighty assumption.  And how do you decide which ones
> you have to support, which are MTI, etc?  How do you advise customers

None would be required to implement.

> to use OCB over their favorite national cipher, like GOST or SEED?  Or
> Camellia?

We wouldn't.  Customers who have to give preference to national
ciphers... would, and presumably the legislation and regulations they
are subject to would say something about cipher modes (or, if not, then
what modes they prefer seems irrelevant since it's just a preference and
the negotiation should just work).

Nico
--