[TLS] Re: draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question
badra@isima.fr Thu, 21 August 2008 19:35 UTC
Message-ID: <58117.88.164.98.77.1219347002.squirrel@www.isima.fr>
In-Reply-To: <90E934FC4BBC1946B3C27E673B4DB0E441A37590AA@LLE2K7-BE01.mitll.ad.local>
References: <90E934FC4BBC1946B3C27E673B4DB0E441A37590AA@LLE2K7-BE01.mitll.ad.local>
Date: Thu, 21 Aug 2008 21:30:02 +0200
From: badra@isima.fr
To: "Blumenthal, Uri" <uri@ll.mit.edu>
Cc: "'ah@tr-sys.de'" <ah@tr-sys.de>, "'tls@ietf.org'" <tls@ietf.org>

> Out of hand option B looks better for cryptographic reasons.

With regards to RFC 5289 and 5288, option B seems to be the appropriate
option. I will update the document to include only AES-128 with SHA-256
and AES-256 with SHA-384.

Best regards
Badra

>
>
> --
> Regards,
> Uri
>
> ----- Original Message -----
> From: tls-bounces@ietf.org <tls-bounces@ietf.org>
> To: tls@ietf.org <tls@ietf.org>
> Sent: Wed Aug 20 16:06:32 2008
> Subject: [TLS] draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question
>
> During off-list discussions of the changes for the -01 version
> of draft-ietf-tls-psk-new-mac-aes-gcm, it became apparent that
> there's a certain degree of imbalance in the draft regarding the
> portfolio of combinations of AES-{128|256} with SHA-{256|384}.
>
> Looking into the IANA TLS Cipher Suite Registry, I found a similar
> lack of balance for the SHA-2 cipher suites already registered:
>
> - RFC 5246 has registered cipher suites employing both AES-128
>   and AES-256 *with SHA-256 only*;
>
> - both RFC 5288 and RFC 5289 (posted yesterday [PDT])
>   *only* combine AES-128 with SHA-256
>   and AES-256 with SHA-384.
>
> Notwithstanding any applicable 'hard' cryptographic arguments,
> I suggest that in draft-ietf-tls-psk-new-mac-aes-gcm,
> simply for self-consistency of the portfolio ...
>
> either:
>
> a) Section 2 be amended with the missing combinations
>    for TLS_DHE_PSK_* and TLS_RSA_PSK_* (two each),
>    thus achieving an orthogonal portfolio of combinations
>    of AES-{128|256} with SHA-{256|384} for all flavors of
>    authentication,
>
> or:
>
> b) the TLS_DHE_PSK_* and TLS_RSA_PSK_* portfolio in Section 2
>    be reverted to the -00 (and pre-WG draft) portfolio
>    (combining AES-128 with SHA-256 and AES-256 with SHA-384 only),
>    and all combinations of AES-128 with SHA-384 as well as
>    all combinations of AES-256 with SHA-256 be removed from
>    the portfolio in Sections 2, 3.1, 3.2, and 3.3, leaving only
>    combinations of AES-128 with SHA-256 and AES-256 with SHA-384
>    in the draft.
>
> I see work in progress throughout the IETF (and elsewhere)
> following both ways of combining block ciphers with various
> key strengths (like AES-xxx) and the SHA-2 variants.
>
> The major PRO for a) seems to be completeness and orthogonality,
> and the major PRO for b) might be containment of the growing
> "TLS Cipher Suite zoo".
>
> Any opinions? (In particular, 'crypto geek' voices welcome!)
>
>
> Kind regards,
>   Alfred Hönes.
>
> --
>
> +------------------------+--------------------------------------------+
> | TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
> | Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
> | D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
> +------------------------+--------------------------------------------+
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls