Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Michael D'Errico <mike-list@pobox.com> Tue, 29 April 2014 17:33 UTC

Message-ID: <535FE275.6090701@pobox.com>
Date: Tue, 29 Apr 2014 10:33:41 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: TLS Mailing List <tls@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C738AC0A34B@uxcn10-tdc06.UoA.auckland.ac.nz> <CAK6vND9oFo8ieRmmESHXBHGjdsk2QUnJZYUWqVAY03Wgz=jfNw@mail.gmail.com> <535FD8AE.6050007@pobox.com> <CABkgnnW=5wpnifnPC_UJOPN_guwmqymxNYQLbiBMsGSDfL2Ogw@mail.gmail.com>
In-Reply-To: <CABkgnnW=5wpnifnPC_UJOPN_guwmqymxNYQLbiBMsGSDfL2Ogw@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Dl8HicOFr00_nO9MPPUJwCSOhXA

Martin Thomson wrote:
>> I suggest [not naming a mandatory-to-implement cipher suite in the
>> TLS 1.3 spec.].  There are too many [cipher suites] to choose from
>> and nobody will listen anyway.
> 
> That's a recipe for interoperability failure.

I'm suggesting that the TLS 1.3 spec. is not the place for this piece
of information since it is a moving target:

     TLS 1.0 required TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
     TLS 1.1 required TLS_RSA_WITH_3DES_EDE_CBC_SHA.
     TLS 1.2 required TLS_RSA_WITH_AES_128_CBC_SHA.

Current consensus says none of those previously-mandatory ciphers will
even be compatible with TLS 1.3.

A Best Current Practice document like draft-sheffer-tls-bcp-02 that
tracks best practices is more useful than having the TLS spec. become
obsolete soon after it's published.  BTW that draft suggests these
cipher suites:

     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Mike
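An added example (my own code, not part of this message or of any draft it cites) that parses IANA-style cipher suite names, classifies each as AEAD or not, and checks a constructed configuration against the version's mandatory-to-implement suite, the AEAD-only consensus, and the four draft-sheffer-tls-bcp-02 suites quoted above. The regex and the policy thresholds are assumptions for illustration.

```python
"""Classify IANA-style TLS cipher suite names and evaluate a configuration
against MTI, AEAD-only and BCP-recommended policies (added example)."""
import re

# Suites the message lists as mandatory-to-implement per TLS version.
MTI_BY_VERSION = {
    "1.0": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "1.1": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "1.2": "TLS_RSA_WITH_AES_128_CBC_SHA",
}
# Suites recommended by draft-sheffer-tls-bcp-02, as quoted in the message.
BCP_RECOMMENDED = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
# Cipher name suffixes that denote an AEAD mode (assumption: covers the
# GCM, CCM and ChaCha20-Poly1305 families of IANA-registered suites).
AEAD_MODES = ("GCM", "CCM", "CCM_8", "CHACHA20_POLY1305")

# TLS_<kx/auth>_WITH_<cipher>[_<hash>]; the hash suffix is optional
# because CCM suites such as TLS_RSA_WITH_AES_128_CCM_8 carry none.
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+?)"
    r"(?:_(?P<prf>SHA\d*|MD5))?$"
)

def parse_suite(name):
    """Split an IANA-style suite name into its components and flag AEAD."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an IANA-style suite name: {name}")
    kx, cipher, prf = m.group("kx", "cipher", "prf")
    is_aead = any(cipher.endswith(mode) for mode in AEAD_MODES)
    return {"kx": kx, "cipher": cipher, "mac_or_prf": prf, "aead": is_aead}

def check_config(enabled, version):
    """Report MTI presence, BCP overlap and non-AEAD suites for `enabled`."""
    parsed = {s: parse_suite(s) for s in enabled}
    non_aead = sorted(s for s, p in parsed.items() if not p["aead"])
    mti = MTI_BY_VERSION.get(version)  # None for versions with no MTI listed
    return {
        "has_mti": mti is not None and mti in enabled,
        "bcp_overlap": sorted(BCP_RECOMMENDED & set(enabled)),
        "non_aead": non_aead,        # would be unusable under AEAD-only TLS 1.3
        "aead_only_ready": not non_aead,
    }

# Constructed sample configuration: one legacy CBC suite plus one BCP suite.
SAMPLE_CONFIG = ["TLS_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
```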