[TLS] tales from the TLS interim: TLS 1.3 MTI algorithms
Sean Turner <turners@ieca.com> Tue, 17 March 2015 22:11 UTC
Return-Path: <turners@ieca.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0F8A1A892C for <tls@ietfa.amsl.com>; Tue, 17 Mar 2015 15:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.098
X-Spam-Level:
X-Spam-Status: No, score=0.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FSL_HELO_BARE_IP_2=1.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YiudFR_0zGy1 for <tls@ietfa.amsl.com>; Tue, 17 Mar 2015 15:11:46 -0700 (PDT)
Received: from gateway07.websitewelcome.com (gateway07.websitewelcome.com [74.52.223.18]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 695C81A892B for <tls@ietf.org>; Tue, 17 Mar 2015 15:11:40 -0700 (PDT)
Received: by gateway07.websitewelcome.com (Postfix, from userid 5007) id AE604A5DA4BBA; Tue, 17 Mar 2015 17:11:39 -0500 (CDT)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway07.websitewelcome.com (Postfix) with ESMTP id A0247A5DA4B67 for <tls@ietf.org>; Tue, 17 Mar 2015 17:11:39 -0500 (CDT)
Received: from [96.231.226.227] (port=57461 helo=192.168.1.8) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1YXzi1-0007yo-Od for tls@ietf.org; Tue, 17 Mar 2015 17:11:33 -0500
From: Sean Turner <turners@ieca.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Message-Id: <7B0B2402-6D04-48B3-BB25-1B6FC6FBC61D@ieca.com>
Date: Tue, 17 Mar 2015 18:11:32 -0400
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 96.231.226.227
X-Exim-ID: 1YXzi1-0007yo-Od
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (192.168.1.8) [96.231.226.227]:57461
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 2
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AFHRFOU5PjWdUDS2jaYOstEYoxg>
Subject: [TLS] tales from the TLS interim: TLS 1.3 MTI algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 22:11:47 -0000
All, This message summarizes the TLS 1.3 MTI (mandatory to implement) discussions we had at the Seattle TLS Interim meeting. We’ll also be discussing this in Dallas so this is just an FYI message. A couple of things to keep in mind: 1. Anything in [] is predicated on the CFRG proceeding on their current course. In other words, we are not telling the CFRG these are what we want we’re just trying to read the tea leaves. 2. We fully expect that there will be profiles for specific environments. 3. MTI is not mandatory to use. o Symmetric: MUST AES-GCM 128 [SHOULD ChaCha20-Poly1305] o Hash: MUST SHA-256 o Key Agreement: ECDH MUST P-256 [SHOULD 25519] o Signature: MUST ECDSA P-256 MUST RSA On a related note, we also discussed which curves to keep in the base specification; when text from RFC 4492 was incorporated it included ~25 curves. The code points will still exist they just won’t be in the base spec. The 4492-list would be pruned to P-256 and P-384 and then obviously expanded to add [25519] and [448]. spt
- [TLS] tales from the TLS interim: TLS 1.3 MTI alg… Sean Turner
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Yoav Nir
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Rob Stradling
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Yoav Nir
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Aaron Zauner
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Eric Rescorla
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Aaron Zauner
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Eric Rescorla
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Eric Rescorla
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Yoav Nir
- Re: [TLS] tales from the TLS interim: TLS 1.3 MTI… Sean Turner