Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Eric Rescorla <ekr@rtfm.com> Mon, 09 June 2014 16:26 UTC

In-Reply-To: <84C4848E-7843-4372-93AA-C1F017C3E088@cisco.com>
References: <86E69268-DC0A-43E7-8CF5-0DAE39FD4FD5@cisco.com> <84C4848E-7843-4372-93AA-C1F017C3E088@cisco.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 9 Jun 2014 09:25:44 -0700
Message-ID: <CABcZeBOXo=3sMEyjMUT+MSgoquXgWdYiqyRL7rnRQwoHEER9qQ@mail.gmail.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/DT_i9WiLMGjEOERRHhi4gkPG638
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Per the direction below I have made the appropriate edits as a pull request:
https://github.com/tlswg/tls13-spec/pull/44.

I'll merge it in on Wednesday. Please let me know before then if
this seems substantially wrong. As usual, minor editorial issues
can be done by pull requests.

Note that the changes here were a little more involved and left a
few loose ends (e.g. issue #10). I'd like to try to handle any other
loose ends people find as separate issues if possible.

Thanks,
-Ekr



On Sat, Apr 26, 2014 at 8:24 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote:

> The consensus from the IETF-89 meeting holds, TLS 1.3 will only use record
> layer protection of type AEAD. The Editor is requested to make the
> appropriate changes to the draft on github.
>
> Joe
> [For the chairs]
> On Mar 26, 2014, at 11:43 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote:
>
> > TLS has supported a number of different cipher types for protecting the
> > record layer. In TLS 1.3 these include Stream Cipher, CBC Block Cipher
> > and AEAD Cipher. The construction of the CBC mode within TLS has been
> > shown to be flawed and stream ciphers are not generally applicable to DTLS.
> > Using a single mechanism for cryptographic transforms would make security
> > analysis easier. AEAD ciphers can be constructed from stream ciphers and
> > block ciphers and are defined as protocol independent transforms. The
> > consensus in the room at IETF-89 was to only support AEAD ciphers in TLS
> > 1.3. If you have concerns about this decision please respond on the TLS
> > list by April 11, 2014.
> >
> > Thanks,
> >
> > Joe
> > [Speaking for the TLS chairs]
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls