Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Russ Housley <housley@vigilsec.com> Mon, 01 June 2015 16:30 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F1BA1B2CE3 for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 09:30:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aw2udW0kvFfK for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 09:30:01 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 69A521B2CE2 for <tls@ietf.org>; Mon, 1 Jun 2015 09:30:01 -0700 (PDT)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id C3AB59A404B; Mon, 1 Jun 2015 12:29:50 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id 9U8Qoe8UFaia; Mon, 1 Jun 2015 12:28:30 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 26DA89A404C; Mon, 1 Jun 2015 12:29:30 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=us-ascii
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20150601125302.GA19269@LK-Perkele-VII>
Date: Mon, 1 Jun 2015 12:29:19 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <E0C6092D-EFC0-43F9-8807-5D8CE8FF00B8@vigilsec.com>
References: <556C4ACD.9040002@azet.org> <CABcZeBNsYmto4F-J0mFoxcq-qfL=NJrvDu67fyY9bpBmRp16mQ@mail.gmail.com> <556C51FC.807@azet.org> <20150601125302.GA19269@LK-Perkele-VII>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IeTC0rjypeZrMzPFJry1r1wMsrE>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 16:30:04 -0000

Ilari:

> I think the current plan with EdDSA and related certficates are to reuse
> ECDSA codepoints, relying on extension (defined by RFC5246) to negotiate.

When we were doing to work for RSA PKCS #1 v1.5, OAEP, and PSS, it was unclear whether using the same key pair with all of these schemes would lead to trouble.  For this reason, the certificate can allow the key pair to be used for just on or all of them.

The same question needs to be asked here.  I hope a more definitive answer becomes available this time.

Russ