Re: [TLS] Inclusion of OCB mode in TLS 1.3
Aaron Zauner <azet@azet.org> Fri, 16 January 2015 15:58 UTC
Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D20041ACE6D for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 07:58:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEdipTa8C1kX for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 07:58:39 -0800 (PST)
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com [74.125.82.172]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3B9A1ACD77 for <tls@ietf.org>; Fri, 16 Jan 2015 07:58:38 -0800 (PST)
Received: by mail-we0-f172.google.com with SMTP id k11so20962475wes.3 for <tls@ietf.org>; Fri, 16 Jan 2015 07:58:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=5TY4O8X7KJwSUa5hwnEko1MJF05M/rD3belme4znCbs=; b=Q3t3mxacNq2LUJdvDVMcm7r854Bp4PJmNpgwGWUxN3w6axqewn6f5A1md7IMTyw8mg jkNIbsKi+wkulfDtLRrtYAdbvfZ5AjMo7pieZvvI78PGB1B5L4hL53nTlFCQ8Z51IAw3 +Fg0aggk2UpcXBbUYO1iLlcKEWpXgDNWBrl/tTHb4j28H/Ehhqhr/M9JU6itDGghuEoZ FOu3rqsZuc7TXf8gTo1UvmjHnnrhkW+RzWYOtOUU3IRrAHOF6AYEF9tGSOWPTw1g4w7u ATRkGdrKWubbYXjkrXSU5+lZeljMCWOpYZm/cgWRH3WGzyNYxJ9IYr+7Ttgtt6jQiFQD hKBg==
X-Gm-Message-State: ALoCoQnT4coO7XwCekX2Vz9XXCV/L59qea1hGOFHfvMZcPs8XxMZdKfDTSoCQioHBBJxh+ulrMft
X-Received: by 10.194.48.109 with SMTP id k13mr31009101wjn.7.1421423917565; Fri, 16 Jan 2015 07:58:37 -0800 (PST)
Received: from [172.16.1.25] ([188.21.236.102]) by mx.google.com with ESMTPSA id fo2sm3529844wib.10.2015.01.16.07.58.36 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 16 Jan 2015 07:58:36 -0800 (PST)
Message-ID: <54B9352C.70203@azet.org>
Date: Fri, 16 Jan 2015 16:58:36 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: TLS Mailing List <tls@ietf.org>
References: <54B5501A.4070402@azet.org> <D0DA96DB.58455%paul@marvell.com> <54B58F5B.2010704@cs.tcd.ie> <54B6815A.7060102@azet.org> <CABcZeBOkabo85Hv73MM1koeGnVYDJtPHc6uwk5b1BkPDRu=RGg@mail.gmail.com>
In-Reply-To: <CABcZeBOkabo85Hv73MM1koeGnVYDJtPHc6uwk5b1BkPDRu=RGg@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enigF570DBF206B4B1DF33E71E07"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AcZ8Owf3eeEXWWg4M6ZRStyJPN0>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2015 15:58:41 -0000
Hi, I came up with the following list of cipher-suites applicable to >= TLS 1.2: (EC)DHE: TLS_DHE_RSA_WITH_AES_128_OCB TLS_DHE_RSA_WITH_AES_256_OCB TLS_ECDHE_RSA_WITH_AES_128_OCB TLS_ECDHE_RSA_WITH_AES_256_OCB TLS_ECDHE_ECDSA_WITH_AES_128_OCB TLS_ECDHE_ECDSA_WITH_AES_256_OCB PSK: TLS_DHE_PSK_WITH_AES_128_OCB TLS_DHE_PSK_WITH_AES_256_OCB TLS_ECDHE_PSK_WITH_AES_128_OCB TLS_ECDHE_PSK_WITH_AES_256_OCB As for the nonce, would it make sense to use a 128bit nonce for both AES128 and AES256 instead of 64/128 (see: https://www.imperialviolet.org/2014/05/25/strengthmatching.html)? What about SRP? Gone in 1.3? I tend to like SRP although it's rarely used. Any objections, additions and/or comments? Aaron
- [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Russ Housley
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Paul Lambert
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Stephen Farrell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Viktor Dukhovni
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Brian Smith
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jacob Appelbaum
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Joachim Strömbergson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] Inclusion of OCB mode in TLS 1.3 Phillip Rogaway
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Manuel Pégourié-Gonnard
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Alex Elsayed
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Henrik Grubbström
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Dmitry Belyavsky
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] GOST in TLS (Re: Inclusion of OCB mode in T… Martin Rex
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Dmitry Belyavsky
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Martin Rex
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] PSK [was: Re: Inclusion of OCB mode in TLS … Daniel Kahn Gillmor
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Roland Zink
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner