Re: [TLS] (offline note) Re: Confirming Consensus on supporting only AEAD ciphers

Michael StJohns <msj@nthpermutation.com> Tue, 06 May 2014 16:24 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B131A01AE for <tls@ietfa.amsl.com>; Tue, 6 May 2014 09:24:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9B16n5EJc0X for <tls@ietfa.amsl.com>; Tue, 6 May 2014 09:24:18 -0700 (PDT)
Received: from mail-qg0-f45.google.com (mail-qg0-f45.google.com [209.85.192.45]) by ietfa.amsl.com (Postfix) with ESMTP id D551F1A01A6 for <tls@ietf.org>; Tue, 6 May 2014 09:24:17 -0700 (PDT)
Received: by mail-qg0-f45.google.com with SMTP id z60so3725961qgd.4 for <tls@ietf.org>; Tue, 06 May 2014 09:24:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=eziJKUM7EHRpAi7Ria2+VH3j3wfb0MxwTF9KrnlZBZk=; b=kpkT7oCWrMnIGJ859m8TS3YSNyVQ0J4U5zjv4T/eGdVAkvD0W8FzLboern8iGxTzie 8vA+BMXlX/6FeiOuZjq4sz7Rk8u2gatUACl22Q5mXDHGgvmaJXYMjSGu3ZioNoT/8S6T Wcj3CIOqOVv4hE7zcolbf/c6aDswvgQFIHZsvEW21ubDqjk0O9MA1GmzPcDzfSlZ4zcY La6HCfvFD0I2/UDILH7BrZL9g8LCn0fVat4xFoqBoiGemlbajsvY0Z67EgbH76teHB4D tA1O1yXouXLcnB26Me/hFvVLB+xJa9R7Nbeazp6QoZj3BVdDLFJ7I5MoBCv6mL5ptqt2 YtuA==
X-Gm-Message-State: ALoCoQklnl2VAI+cMCEQNVini4+7C+4gStTeb9YdVrSTNec16CtoC9sioz1uUK1pRRtYMfJeTe6j
X-Received: by 10.224.79.143 with SMTP id p15mr56316873qak.57.1399393453717; Tue, 06 May 2014 09:24:13 -0700 (PDT)
Received: from [192.168.1.105] (c-68-34-113-195.hsd1.md.comcast.net. [68.34.113.195]) by mx.google.com with ESMTPSA id j7sm24316868qab.27.2014.05.06.09.24.13 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 06 May 2014 09:24:13 -0700 (PDT)
Message-ID: <53690CB5.1060704@nthpermutation.com>
Date: Tue, 06 May 2014 12:24:21 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Rene Struik <rstruik.ext@gmail.com>
References: <86E69268-DC0A-43E7-8CF5-0DAE39FD4FD5@cisco.com> <84C4848E-7843-4372-93AA-C1F017C3E088@cisco.com> <535FE558.2090306@nthpermutation.com> <C7763F74-94D4-4E18-86FC-F0E70488B5BD@cisco.com> <5368DAED.3020000@gmail.com> <5528AE3F-2483-42EA-949F-E3FC6774A4FC@cisco.com>
In-Reply-To: <5528AE3F-2483-42EA-949F-E3FC6774A4FC@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/IMP_O8IbltSv5fDOY8x8GNcKDcE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] (offline note) Re: Confirming Consensus on supporting only AEAD ciphers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 16:24:19 -0000

On 5/6/2014 11:11 AM, Joseph Salowey (jsalowey) wrote:
> On May 6, 2014, at 5:51 AM, Rene Struik <rstruik.ext@gmail.com> wrote:
>
>> Hi Joe:
>>
>> In general, an AEAD mode takes as input two strings a and m and a key k, and authenticates a and m, while encrypting m. If m is the empty string, this results in an authentication-only mode.
>>
>> Thus, AEAD modes can be used to provide suitable combinations of authentication and/or encryption. Examples hereof include the GCM mode and CCM mode.
>>
> [Joe] Yes, but I don't think any of the defined cipher suites for AES-GCM or AES-CCM support an authentication-only mode.  If authentication-only support is desired then additional cipher suites would have to be defined.

If a message consists of 100 bytes of AAD and 0 bytes of plaintext, then the output of an AEAD cipher is the integrity tag over the 100 bytes of AAD and no cipher text.  That's pretty much authentication-only.

Not optimized for that though.

Mike