Re: [TLS] TLS 1.3 (Re: TLS at IETF 88)

Dmitry Belyavsky <beldmit@gmail.com> Wed, 30 October 2013 22:32 UTC

Return-Path: <beldmit@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64B6121E8090 for <tls@ietfa.amsl.com>; Wed, 30 Oct 2013 15:32:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.933
X-Spam-Level:
X-Spam-Status: No, score=-0.933 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mbu6iVkVsxoI for <tls@ietfa.amsl.com>; Wed, 30 Oct 2013 15:32:19 -0700 (PDT)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id 23FE421E8092 for <tls@ietf.org>; Wed, 30 Oct 2013 15:32:17 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id er20so1148886lab.35 for <tls@ietf.org>; Wed, 30 Oct 2013 15:32:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dRbdj/OglKKCFVGAGm7E4rcpOqgJPY1oRn3f8g1tVs4=; b=SHBxPRAyyt/8Kvg+1c0ZVfEwylmm6g+8NgR8z+0E9cYRWs7qhWupxY1ESVsoEp9kWO QKOprBBWFK/7XPObEvtGgK1aEO7Q1FJkWvaHlbFmrPBAXoPa/ewKKLqbSMAOCuXAS5kG ws7mmbV4E65stnLWYrkMDvSC4Op8y7xCW3ezBHIy4T8K7mhBCtfqvss202SAdqZ49I3B Tw2c3pUSeLF+89MipRaw38ML4tEzs8IHPceZGos8D68QmoFZOIzra6StHHP2jl/Lvbng ybLcWOPaNbKVcxBGQ0svWKfZfRKor6uTbxmSk/G6xJHPr2/Rnez2muOujflGYQkD1yEy HVKw==
MIME-Version: 1.0
X-Received: by 10.112.130.138 with SMTP id oe10mr445414lbb.1.1383172337124; Wed, 30 Oct 2013 15:32:17 -0700 (PDT)
Received: by 10.114.5.4 with HTTP; Wed, 30 Oct 2013 15:32:17 -0700 (PDT)
In-Reply-To: <52712A6C.4050306@pobox.com>
References: <A95B4818FD85874D8F16607F1AC7C628F81FFA@xmb-rcd-x09.cisco.com> <1FC1B479-ECB7-46AD-83BE-BE0066AF70F5@vpnc.org> <52712A6C.4050306@pobox.com>
Date: Thu, 31 Oct 2013 02:32:17 +0400
Message-ID: <CADqLbzLLAUr4YR86+BCD-1ti66afh8d3P8zF+iJNqrQPiwHF_A@mail.gmail.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
To: "Michael D'Errico" <mike-list@pobox.com>
Content-Type: multipart/alternative; boundary=047d7b3a88dad14b5304e9fce77a
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 (Re: TLS at IETF 88)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 22:32:20 -0000

Hello!

In Russia we have some more authentication mechanisms and at least two
cipher/MAC combinations.


On Wed, Oct 30, 2013 at 7:49 PM, Michael D'Errico <mike-list@pobox.com>wrote;wrote:

> Paul Hoffman wrote:
>
>> On Oct 29, 2013, at 11:16 AM, Joseph Salowey (jsalowey) <
>> jsalowey@cisco.com> wrote:
>>
>>  The TLS working group will meet at IETF 88
>>> Tuesday,November 5, 2013 from 1610 to 1840 PST
>>>
>>> The latest Agenda can be found here: https://datatracker.ietf.org/**
>>> meeting/88/agenda/tls/<https://datatracker.ietf.org/meeting/88/agenda/tls/>
>>>
>>
>> So we can come prepared: What will the topics for the hour of "TLS 1.3"
>> be?
>>
>
> I won't be at the meeting, but the one change I'd like to see in TLS 1.3
> is a separation of cipher suites into two parts - authentication mechanism
> and encryption/mac algorithms.  There are currently only 21 authentication
> mechanisms defined:
>
>     DH_anon
>     DH_DSS
>     DH_RSA
>     DHE_DSS
>     DHE_PSK
>     DHE_RSA
>     ECDH_anon
>     ECDH_ECDSA
>     ECDH_RSA
>     ECDHE_ECDSA
>     ECDHE_PSK
>     ECDHE_RSA
>     KRB5
>     PSK
>     PSK_DHE
>     RSA
>     RSA_PSK
>     SRP_SHA
>     SRP_SHA_DSS
>     SRP_SHA_RSA
>
> and 31 combinations of encryption algorithm and MAC:
>
>     3DES_EDE_CBC_MD5
>     3DES_EDE_CBC_SHA
>     AES_128_CBC_SHA
>     AES_128_CBC_SHA256
>     AES_128_CCM
>     AES_128_CCM_8
>     AES_128_GCM_SHA256
>     AES_256_CBC_SHA
>     AES_256_CBC_SHA256
>     AES_256_CBC_SHA384
>     AES_256_CCM
>     AES_256_CCM_8
>     AES_256_GCM_SHA384
>     ARIA_128_CBC_SHA256
>     ARIA_128_GCM_SHA256
>     ARIA_256_CBC_SHA384
>     ARIA_256_GCM_SHA384
>     CAMELLIA_128_CBC_SHA
>     CAMELLIA_128_CBC_SHA256
>     CAMELLIA_128_GCM_SHA256
>     CAMELLIA_256_CBC_SHA
>     CAMELLIA_256_CBC_SHA256
>     CAMELLIA_256_CBC_SHA384
>     CAMELLIA_256_GCM_SHA384
>     NULL_MD5
>     NULL_SHA
>     NULL_SHA256
>     NULL_SHA384
>     RC4_128_MD5
>     RC4_128_SHA
>     SEED_CBC_SHA
>
> Thus there could be 31 x 20 = 620 usable cipher suites, but we have only
> defined 286 of the possible combinations.
>
> Less-supported authentication mechanisms tend to have fewer options
> available to them.  For example SRP is usable only with 3DES and AES_CBC
> at present since those are the only defined suites.  Separating cipher
> suites into two values would allow any encryption/mac combo to be used
> with any authentication mechanism.
>
> I've noticed that there is current interest in adding more encryption
> algorithms (e.g. Salsa, Chacha) and MACs (UMAC, VMAC, Poly1305) to TLS.
> It seems to me that there'd be great value in only having to define a
> single code point for each encryption/mac combination and having them
> become immediately available for use with any authentication mechanism.
>
> Mike
> ______________________________**_________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/**listinfo/tls<https://www.ietf.org/mailman/listinfo/tls>
>



-- 
SY, Dmitry Belyavsky