Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
Watson Ladd <watsonbladd@gmail.com> Tue, 29 April 2014 16:26 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5772C1A08DB for <tls@ietfa.amsl.com>; Tue, 29 Apr 2014 09:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NkI81kUkJ6kX for <tls@ietfa.amsl.com>; Tue, 29 Apr 2014 09:26:24 -0700 (PDT)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com [IPv6:2607:f8b0:4002:c07::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 1D9711A090A for <tls@ietf.org>; Tue, 29 Apr 2014 09:26:24 -0700 (PDT)
Received: by mail-yk0-f173.google.com with SMTP id 131so391303ykp.32 for <tls@ietf.org>; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=c17zWrox/gwpC2fo55S6MCiUpMTQURsnMVkokvp28KU=; b=WeYSSfJVLD4/49nlO2qWQPh3qLdUYk7fUNAwVcdvp0Sk+BYjrMU43VOnITrpLutGrA ndhwrl45I+BCspar9iNo5OPw2O6jD1yhpma5Opz48KIg9MiYWW3NDJBB3Her7cQMI7Pw vhNFD7cYAEuXkOP1YoXosk1z7+3kZ031hu07R+1OB0P++B6uDrERoFx2TVxJ5CjzPCE6 njcsCsFID21rHn93BlvwyxKe+SV5XI69BB5g+3ITVW9l56Z903CkdqZ7wR6jwRr5hLB6 KYwwPNiUSYGFDoWtphIEdtVF935MAvLiyTE1vUj22DMI+WKe5ayAC2piT09bfZfoTGkE 4aJw==
MIME-Version: 1.0
X-Received: by 10.236.137.8 with SMTP id x8mr47251813yhi.4.1398788782854; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Tue, 29 Apr 2014 09:26:22 -0700 (PDT)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C738AC0A34B@uxcn10-tdc06.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C738AC0A34B@uxcn10-tdc06.UoA.auckland.ac.nz>
Date: Tue, 29 Apr 2014 09:26:22 -0700
Message-ID: <CACsn0cnY+m7RPzTQwL9+xW+9LR+n5NzM5_MkixhLEfx+V33K_g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ErHczsAR96F0AoExv2jum18CLC4
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 16:26:26 -0000
On Tue, Apr 29, 2014 at 8:55 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > Fedor Brunner <fedor.brunner@azet.sk> writes: > >>The Mandatory Cipher Suite for TLS 1.2 was TLS_RSA_WITH_AES_128_CBC_SHA. What >>is the mandatory cipher in TLS 1.3 ? Maybe >>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 using Curve25519 for ECDHE ? > > Ugh, no. That takes the ciphers from <industry-standard>+<industry-standard> > +<industry-standard> to <oddball-nonstandard>+<oddball-nonstandard>+<oddball- > nonstandard>+<industry-standard>. Make the defaults something that can be > implemented with a standard crypto library, and leave the oddball stuff as > optional fashion statements. > > (No disrespect intended for the algorithms I've designated as "oddball", but I > want something where the default is built from standard, accepted, widely- > recognised algorithms so I don't have to explain to every customer what > ChaCha20 is and why it's being used to protect their banking transactions). Well, Vanguard uses RC4. That said I think TLS_ECDHE_RSA_AES_GCM_SHA256 with P256 as ECDHE is implemented widely, and pretty secure. Yes, there is a performance gain from Curve25519, but that's not necessary. Sincerely, Watson Ladd > > Peter. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [TLS] Confirming Consensus on supporting only AEA… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Russ Housley
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Peter Gutmann
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Watson Ladd
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Fedor Brunner
- Re: [TLS] Confirming Consensus on supporting only… Peter Gutmann
- Re: [TLS] Confirming Consensus on supporting only… Watson Ladd
- Re: [TLS] Confirming Consensus on supporting only… Peter Bowen
- Re: [TLS] Confirming Consensus on supporting only… Michael D'Errico
- Re: [TLS] Confirming Consensus on supporting only… Martin Thomson
- Re: [TLS] Confirming Consensus on supporting only… Ralph Holz
- Re: [TLS] Confirming Consensus on supporting only… Michael D'Errico
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Martin Rex
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Fedor Brunner
- [TLS] (offline note) Re: Confirming Consensus on … Rene Struik
- Re: [TLS] (offline note) Re: Confirming Consensus… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Martin Rex
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Manuel Pégourié-Gonnard
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Manuel Pégourié-Gonnard
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Martin Thomson
- [TLS] [PATCH] Clean up removal of all non-AEAD mo… Daniel Kahn Gillmor
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Eric Rescorla
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Daniel Kahn Gillmor
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Eric Rescorla