[TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Aaron Zauner <azet@azet.org> Mon, 01 June 2015 12:06 UTC

Message-ID: <556C4ACD.9040002@azet.org>
Date: Mon, 01 Jun 2015 14:06:37 +0200
From: Aaron Zauner <azet@azet.org>
To: TLS Mailing List <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/9tgQWRrDVhnDX699jhlFY75L7Es>
Cc: Phillip Rogaway <rogaway@cs.ucdavis.edu>, Charanjit Jutla <csjutla@us.ibm.com>
Subject: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]


With renewed interest on-list w.r.t. efficient single pass AEAD schemes,
I'm happy to update you on the work done for this document.

I'm told that over the last couple of months IBM lawyers have been working
hard to come to a consensus on whether they're willing to exempt IAPM (a
technique OCB mode is based on) from patents for use in TLS. They've
agreed to do this. We've since included all active patents on OCB and
IAPM in the document with a section detailing the current patent
situation of OCB mode for potential use in TLS. I could not reach
Rogaway within the last two weeks so I've included his patents to the
best of my knowledge. This update also features a couple of small
editorial corrections.

There are a few things I'd like to change:

 * I totally agree that having too many ciphersuites is counterproductive,
   so I'd like to propose to get rid of PSK ciphersuites in general
   within this document
 * I'd also like to get rid of ECDSA ciphersuites altogether, ideally
   leaving a few real-world, high-performance ciphersuites to use

Thoughts and feedback appreciated; the diff, HTML, et cetera can be accessed
via the quoted mail below.

GitHub: https://github.com/azet/draft-zauner-tls-aes-ocb


internet-drafts@ietf.org wrote:
> A new version of I-D, draft-zauner-tls-aes-ocb-03.txt
> has been successfully submitted by Aaron Zauner and posted to the
> IETF repository.
> Name:		draft-zauner-tls-aes-ocb
> Revision:	03
> Title:		AES-OCB (Offset Codebook Mode) Ciphersuites for Transport Layer Security (TLS)
> Document date:	2015-06-01
> Group:		Individual Submission
> Pages:		7
> URL:            https://www.ietf.org/internet-drafts/draft-zauner-tls-aes-ocb-03.txt
> Status:         https://datatracker.ietf.org/doc/draft-zauner-tls-aes-ocb/
> Htmlized:       https://tools.ietf.org/html/draft-zauner-tls-aes-ocb-03
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-zauner-tls-aes-ocb-03
> Abstract:
>    This memo describes the use of the Advanced Encryption Standard (AES)
>    in the Offset Codebook Mode (OCB) of operation within Transport Layer
>    Security (TLS) and Datagram TLS (DTLS) to provide confidentiality and
>    data origin authentication.  The AES-OCB algorithm is highly
>    parallelizable, provably secure and can be efficiently implemented in
>    software and hardware providing high performance.  Furthermore, use
>    of AES-OCB in TLS is exempt from past IPR claims by various parties.
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat