[TLS] Reviving draft-zauner-tls-aes-ocb?
Tony Arcieri <bascule@gmail.com> Fri, 29 March 2024 21:26 UTC
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 29 Mar 2024 15:26:15 -0600
Message-ID: <CAHOTMV+ZsDg4pHOu45S8cuEJ4wFXujof=RSZkY-vevjpf3LXqw@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/APcYHHdW7HWBJvklbP7-Mooevqs>
Subject: [TLS] Reviving draft-zauner-tls-aes-ocb?
For those who are unfamiliar, the "pitch" of OCB mode is that it's fast everywhere: on servers, desktops, smartphones, and low-power IoT devices with some sort of hardware-accelerated block cipher, whereas currently GCM is popular on higher-power devices like servers/desktops/smartphones whereas the IoT/embedded space frequently uses CCM to be able to offload encryption onto hardware accelerators instead of an MCU (where OCB would double performance by cutting the number of block cipher invocations in half).

This draft to add OCB ciphersuites to TLS expired in 2016: https://datatracker.ietf.org/doc/html/draft-zauner-tls-aes-ocb

However, in the intervening time, the IPR story around OCB (its former biggest drawback, IMO) has become significantly clearer.

OCB's creator Phil Rogaway has disavowed or intentionally allowed all of his patents to lapse. "OCB is Free" declares his licensing page, which notes all of his IP is now in the public domain: https://www.cs.ucdavis.edu/~rogaway/ocb/license.htm

This Jutla/IBM patent expired in 2022: https://patents.google.com/patent/US6963976B1/en

Given that, I'm curious if this resolves IPR concerns around OCB, and if it does, if there are other concerns beyond those.

--
Tony Arcieri