[TLS] Obscure ciphers in TLS 1.3
Dave Garrett <davemgarrett@gmail.com> Wed, 23 September 2015 22:41 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13C431B2D23 for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 15:41:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JIJaQjEZXYzD for <tls@ietfa.amsl.com>; Wed, 23 Sep 2015 15:41:11 -0700 (PDT)
Received: from mail-qg0-x231.google.com (mail-qg0-x231.google.com [IPv6:2607:f8b0:400d:c04::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E7E41B2D25 for <tls@ietf.org>; Wed, 23 Sep 2015 15:41:09 -0700 (PDT)
Received: by qgt47 with SMTP id 47so31650176qgt.2 for <tls@ietf.org>; Wed, 23 Sep 2015 15:41:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:mime-version:content-type :content-transfer-encoding:message-id; bh=gCSJmOgFtPsso6sJZZuVc27IWnfX018R14uAS1gm36o=; b=mNTfGTrdYDT5oz5Fy1gMxGTtdtnL2R4lrMmqrEPYf7lsg8OuhNNIgjAj1C2dn9q+WH 8HCJ/IHwotGpW1nqtWjTgGNdWF0uRRETO9qzE+oJWQ2t8wosZezA7JI+1NkVjuzrWtRH w3phNm4EX4iOwIjuKJZyJYJVaQ8MPYiKX/4Sc7iwzFgkZ7Ptv3ZbYXEr0lQzPXx7khof yAY6/WWbG+n2ViZhRFtEJYFCU3H3a6To5MiVd95owhg85uZNHhfiAhugIBnnDh7tK1pN Y4qtdDe+ItTSP2BOHpzwSoVPtlUe5d8WyHi73IIr/rUTqML4h13xF1tVcwJUyvoLBj5p icuw==
X-Received: by 10.140.94.193 with SMTP id g59mr38801151qge.2.1443048068357; Wed, 23 Sep 2015 15:41:08 -0700 (PDT)
Received: from dave-laptop.localnet (pool-72-94-152-197.phlapa.fios.verizon.net. [72.94.152.197]) by smtp.gmail.com with ESMTPSA id f7sm3374919qka.41.2015.09.23.15.41.07 for <tls@ietf.org> (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 23 Sep 2015 15:41:07 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 23 Sep 2015 18:41:06 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201509231841.06784.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/BDLSvMec77L0UQmq411lQoOI3l4>
Subject: [TLS] Obscure ciphers in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 22:41:13 -0000
https://tlswg.github.io/tls13-spec/#cipher-suites https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 When I updated the lists in the TLS 1.3 draft, I just put everything in that is currently in the registry and usable. I'd like to now start a discussion on what should be allowed. Specifically, I have questions about ARIA and Camellia, as well as 8-bit authentication tag variants of AES-CCM or anything else. How relevant is this ARIA attack? https://eprint.iacr.org/2010/168 Are there any other known ARIA or Camellia issues? Do either of these obscure ciphers actually get used enough to continue supporting in TLS 1.3+? (the AEAD versions, not the old suites that are no longer supported) If the answer is no, can we prohibit use of them in TLS 1.3+, or at least recommend against them? Are the 8-bit authentication tag variants safe to recommend? If not, should we prohibit them completely, or at least recommend against them? If they are safe, should we add ones for AES-GCM? Dave
- [TLS] Obscure ciphers in TLS 1.3 Dave Garrett
- Re: [TLS] Obscure ciphers in TLS 1.3 Simon Josefsson
- Re: [TLS] Obscure ciphers in TLS 1.3 Salz, Rich
- Re: [TLS] Obscure ciphers in TLS 1.3 Dave Garrett
- Re: [TLS] Obscure ciphers in TLS 1.3 Scott Fluhrer (sfluhrer)