Re: [TLS] Consensus Call on MTI Algorithms

Hubert Kario <hkario@redhat.com> Thu, 02 April 2015 17:03 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF8301ACEB8 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 10:03:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9V4rH2eNbt7R for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 10:03:57 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51ECB1ACE9E for <tls@ietf.org>; Thu, 2 Apr 2015 10:03:57 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t32H3upT010972 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <tls@ietf.org>; Thu, 2 Apr 2015 13:03:56 -0400
Received: from pintsize.usersys.redhat.com (dhcp-0-197.brq.redhat.com [10.34.0.197]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t32H3tlw016999 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for <tls@ietf.org>; Thu, 2 Apr 2015 13:03:56 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Thu, 02 Apr 2015 19:03:49 +0200
Message-ID: <2049332.0fGm7COnvG@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.4 (Linux/3.18.9-100.fc20.x86_64; KDE/4.14.6; x86_64; ; )
In-Reply-To: <CAOgPGoBk+E=cNV1ufBaQ0n7=CJQ34zukPixKCEdpmMLBX=Kg_w@mail.gmail.com>
References: <CAOgPGoBk+E=cNV1ufBaQ0n7=CJQ34zukPixKCEdpmMLBX=Kg_w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2227252.6movqKVf5F"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EIwlqMef4PL7uaG8lN4FYP0BZFs>
Subject: Re: [TLS] Consensus Call on MTI Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 17:03:59 -0000

On Wednesday 01 April 2015 11:12:19 Joseph Salowey wrote:
> We did not get a chance to talk about MTI algorithms in Dallas, but the
> chairs would like to judge consensus for the algorithms discussed in the
> interim.  The CFRG has closed or will close soon on ChaCha20 and curve
> 25519 recommendations so they are included.  We will be calling for
> acceptance to bring drafts on these into the working group shortly.
> 
> Keep in mind that mandatory to implement (MTI) is not mandatory to use and
> that it is expected that there will be profiles for specific environments.
> 
> Below is the proposed algorithm list that had consensus at the Seattle
> Interim. Please reply on the TLS mailing list indicating whether or not you
> agree with the consensus.  If not, please indicate why.  This consensus
> call will close on April, 23, 2015.
> 
> o Symmetric:
>         MUST AES-GCM 128
>         SHOULD ChaCha20-Poly1305
> 
> o Hash:
>         MUST SHA-256
> 
> o Key Agreement: ECDH
>         MUST P-256
>         SHOULD 25519
> 
> o Signature:
>         MUST ECDSA P-256
>         MUST RSA
> 
> Thanks,
> 
> J&S

Yes

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic