Re: [TLS] Suite B compliance of TLS 1.2

Eric Rescorla <ekr@networkresonance.com> Thu, 27 July 2006 00:13 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5tVE-0008Ae-TF; Wed, 26 Jul 2006 20:13:24 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5tVE-0008AV-Bb for tls@ietf.org; Wed, 26 Jul 2006 20:13:24 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5ocx-0004fQ-Cc for tls@ietf.org; Wed, 26 Jul 2006 15:01:03 -0400
Received: from raman.networkresonance.com ([198.144.196.3]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1G5oSL-0007Jc-J0 for tls@ietf.org; Wed, 26 Jul 2006 14:50:07 -0400
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 678FC1E8C1C; Wed, 26 Jul 2006 11:49:56 -0700 (PDT)
To: Brian Minard <bminard@certicom.com>
Subject: Re: [TLS] Suite B compliance of TLS 1.2
References: <44C6B8C1.3040500@redhat.com> <86fygpyoir.fsf@raman.networkresonance.com> <20060726184648.GE14789@certicom.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Wed, 26 Jul 2006 11:49:56 -0700
In-Reply-To: <20060726184648.GE14789@certicom.com> (Brian Minard's message of "Wed, 26 Jul 2006 14:46:48 -0400")
Message-ID: <861ws8w697.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -2.4 (--)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Brian Minard <bminard@certicom.com>; writes:

> On Tue, Jul 25, 2006 at 09:32:28PM -0700, Eric Rescorla wrote:
>
>> Wan-Teh Chang <wtchang@redhat.com>; writes:
>>
>> > - define cipher suites whose MAC algorithm is Suite B
>> > compliant. Since Suite B doesn't include any MAC algorithms
>> > and the recent collision attack on SHA-1 doesn't extend to
>> > HMAC-SHA-1, this goal may be controversial.
>>
>> I'm not that familiar with Suite B, but if it, as you say,
>> it doesn't include a MAC algorithm, I'm not sure what you're
>> suggesting for message integrity.
>
> I don't entirely understand these statements. Is there a reason
> why new cipher suites supporting SHA-256, -384, or -512, couldn't
> be defined using the existing HMAC? 
>
> Why doesn't this solve the message integrity issue?

I was wondering the same thing... I.e., why Wan-Teh called
the issue "controversial". Anyway, I was expecting that
there would eventually be HMAC-XXX cipher suites.

-Ekr



_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls