Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Watson Ladd <watsonbladd@gmail.com> Tue, 29 April 2014 16:26 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5772C1A08DB for <tls@ietfa.amsl.com>; Tue, 29 Apr 2014 09:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NkI81kUkJ6kX for <tls@ietfa.amsl.com>; Tue, 29 Apr 2014 09:26:24 -0700 (PDT)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com [IPv6:2607:f8b0:4002:c07::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 1D9711A090A for <tls@ietf.org>; Tue, 29 Apr 2014 09:26:24 -0700 (PDT)
Received: by mail-yk0-f173.google.com with SMTP id 131so391303ykp.32 for <tls@ietf.org>; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=c17zWrox/gwpC2fo55S6MCiUpMTQURsnMVkokvp28KU=; b=WeYSSfJVLD4/49nlO2qWQPh3qLdUYk7fUNAwVcdvp0Sk+BYjrMU43VOnITrpLutGrA ndhwrl45I+BCspar9iNo5OPw2O6jD1yhpma5Opz48KIg9MiYWW3NDJBB3Her7cQMI7Pw vhNFD7cYAEuXkOP1YoXosk1z7+3kZ031hu07R+1OB0P++B6uDrERoFx2TVxJ5CjzPCE6 njcsCsFID21rHn93BlvwyxKe+SV5XI69BB5g+3ITVW9l56Z903CkdqZ7wR6jwRr5hLB6 KYwwPNiUSYGFDoWtphIEdtVF935MAvLiyTE1vUj22DMI+WKe5ayAC2piT09bfZfoTGkE 4aJw==
MIME-Version: 1.0
X-Received: by 10.236.137.8 with SMTP id x8mr47251813yhi.4.1398788782854; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C738AC0A34B@uxcn10-tdc06.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C738AC0A34B@uxcn10-tdc06.UoA.auckland.ac.nz>
Date: Tue, 29 Apr 2014 09:26:22 -0700
Message-ID: <CACsn0cnY+m7RPzTQwL9+xW+9LR+n5NzM5_MkixhLEfx+V33K_g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ErHczsAR96F0AoExv2jum18CLC4
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 16:26:26 -0000

On Tue, Apr 29, 2014 at 8:55 AM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Fedor Brunner <fedor.brunner@azet.sk> writes:
>
>>The Mandatory Cipher Suite for TLS 1.2 was TLS_RSA_WITH_AES_128_CBC_SHA. What
>>is the mandatory cipher in TLS 1.3 ? Maybe
>>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 using Curve25519 for ECDHE ?
>
> Ugh, no.  That takes the ciphers from <industry-standard>+<industry-standard>
> +<industry-standard> to <oddball-nonstandard>+<oddball-nonstandard>+<oddball-
> nonstandard>+<industry-standard>.  Make the defaults something that can be
> implemented with a standard crypto library, and leave the oddball stuff as
> optional fashion statements.
>
> (No disrespect intended for the algorithms I've designated as "oddball", but I
> want something where the default is built from standard, accepted, widely-
> recognised algorithms so I don't have to explain to every customer what
> ChaCha20 is and why it's being used to protect their banking transactions).

Well, Vanguard uses RC4. That said I think
TLS_ECDHE_RSA_AES_GCM_SHA256 with P256 as ECDHE is implemented widely,
and pretty secure. Yes, there is a performance gain from Curve25519,
but that's not necessary.

Sincerely,
Watson Ladd


>
> Peter.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin