IETF Logo Mail Archive

Re: [TLS] Issue 56: AES as MTI

Nicolas Williams <Nicolas.Williams@sun.com> Sat, 15 September 2007 02:07 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWN4Q-0001md-Mx; Fri, 14 Sep 2007 22:07:42 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWN4O-0001mX-Or for tls@ietf.org; Fri, 14 Sep 2007 22:07:40 -0400
Received: from sca-ea-mail-1.sun.com ([192.18.43.24]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWN4N-0003tL-Eh for tls@ietf.org; Fri, 14 Sep 2007 22:07:40 -0400
Received: from centralmail3brm.Central.Sun.COM ([129.147.62.199]) by sca-ea-mail-1.sun.com (8.13.7+Sun/8.12.9) with ESMTP id l8F27a9r018675 for <tls@ietf.org>; Sat, 15 Sep 2007 02:07:36 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail3brm.Central.Sun.COM (8.13.6+Sun/8.13.6/ENSMAIL, v2.2) with ESMTP id l8F27ade022777 for <tls@ietf.org>; Fri, 14 Sep 2007 20:07:36 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id l8F27ZXN002365; Fri, 14 Sep 2007 21:07:35 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id l8F27ZVR002364; Fri, 14 Sep 2007 21:07:35 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Fri, 14 Sep 2007 21:07:35 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Nelson B Bolyard <nelson@bolyard.com>
Subject: Re: [TLS] Issue 56: AES as MTI
Message-ID: <20070915020734.GB2349@Sun.COM>
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]> <46EAF8E2.8090202@bolyard.com> <20070914214358.27C8633C21@delta.rtfm.com> <46EAB54E00062316@n024.sc1.he.tucows.com> <46EB364D.70306@bolyard.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <46EB364D.70306@bolyard.com>
User-Agent: Mutt/1.5.7i
X-Spam-Score: -1.0 (-)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

On Fri, Sep 14, 2007 at 06:33:01PM -0700, Nelson B Bolyard wrote:
> Russ Housley wrote:
> > This has always been the case.  It ensures that there is a ciphersuite
> > that can be negotiated between all implementations (unless it is
> > explicitly turned off by policy controls).
> 
> And this is important why?

I think we could certainly have a base protocol w/o MTIs and then
various profiles which specify MTIs.  If we had to, and if there were
truly distinct non-big-i internets using different subsets of TLS.

But as it is I just don't see why we couldn't have some MTIs period.

> It is important that all implementations that must work in (say) US DOD
> government installations (where AES is mandated exclusively) must all
> use AES so that they can interoperate.  That market requires that they
> interoperate.

The big-i Internet requires interop.  It's a very heterogeneous
environment, and there aren't any heads of IT for it.

And DOD wants AES not for interop but for security.  They want interop
too, of course.

> It is important that in the field of eCommerce, where everyone uses RC4,
> that implementations use RC4 so that they can interoperate for eCommerce.

Not that they use RC4 -- that they support RC4.

> An implementation that does RC4 and not AES will work fine in eCommerce
> and not in the DOD.  An implementation that does AES only and not RC4
> will not work with quite a few eCommerce servers out there.  So what?

Who wants to write code that can only be sold to one part of the market
instead of to all of it?

Look, RC4 is aging fast.  We need to move on from RC4.  Everyone has an
AES implementation nowadays.  AES is what the market is moving to, and
it's what the U.S. govt demands.  What's the problem with making AES an
MTI?

> Why do we need to impose interoperability requirements that the markets
> themselves do not demand?

What if the banks get serious about security (or the regulators force
them to) only then find that all the stupid browsers are stuck with RC4
because the spec said they didn't have to implement AES?  That wouldn't
be very good.

We have to be ahead of the market to some degree because it takes years
to upgrade software on the big-i Internet.  There's nothing
controversial about AES being a required to implement cipher in any
modern Internet security protocol.  IPsec, TLS, SSHv2, Kerberos V,
etcetera, all have or soon will have AES as a required to implement
cipher.

AES as a required to implement cipher is almost not negotiable at this
stage.  Certainly I would object to TLS 1.2 not requiring support for
AES.

Nico
-- 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.29.0 | Report a Bug | By Email | System Status