Re: [TLS] Inclusion of OCB mode in TLS 1.3

Aaron Zauner <azet@azet.org> Mon, 19 January 2015 14:03 UTC

Message-ID: <54BD0EB2.3050009@azet.org>
Date: Mon, 19 Jan 2015 15:03:30 +0100
From: Aaron Zauner <azet@azet.org>
To: Alex Elsayed <eternaleye@gmail.com>
References: <54B5501A.4070402@azet.org> <m9g7k3$olu$1@ger.gmane.org>
In-Reply-To: <m9g7k3$olu$1@ger.gmane.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/93zH91n-21-hM_jrfi8xtzsNZh4>
Cc: tls@ietf.org
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3


Alex Elsayed wrote:
> Aaron Zauner wrote:
> 
>> Hi TLS-WG,
>>
>> Over the last couple of days I've again looked into OCB, read the
>> original paper as well as quite some literature on it, patents, CFRG
>> discussion et cetera.
>>
>> OCB looks like an elegant and parallel mode for inclusion in TLS.
>> I've searched through recent TLS-WG discussion, OCB has been
>> mentioned in passing as has EAX(2). When first looking into that my
>> main concerns were:
>>
>>    * IPR/patents: the authors have granted access to OSI licensed
>>      software as well as to commercial (non military!) software for
>>      all use [0] [1].
> <snip>
> 
> Note that while the authors have licensed their patents, IIRC there are 
> still concerns over whether the Gligor & Donescu or Jutla patents [1] apply.
> 
> In addition, I'd like to call the attention of the group to the CAESAR AEAD 
> competition [2], in which there are multiple entrants (and Rogaway &c has 
> submitted a new mode "AEZ" in addition to OCB). There is a mailing list [3] 
> for discussion and a wiki [4] which has collected the entrants, similar to 
> the SHA-3 Zoo.

I've already noted CAESAR in this thread. The problem being: the
competition ends in 2017 as far as I know. Until then we're stuck with
what we have right now (plus ChaCha20/Poly1305 probably).

Aaron

> 
> One thing in particular that may be worth thinking about is that several of 
> the modes proposed are nonce-misuse resistant, akin to SIV.
> 
> 
> [1] 6,963,976, 6,973,187, 7,093,126, and 8,107,620.
> [2] http://competitions.cr.yp.to/caesar.html
> [3] https://groups.google.com/forum/#!forum/crypto-competitions
> [4] http://aezoo.compute.dtu.dk/