IETF Logo Mail Archive

[TLS] Suite B compliance of TLS 1.2

Wan-Teh Chang <wtchang@redhat.com> Wed, 26 July 2006 00:33 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5XL6-0001DK-KB; Tue, 25 Jul 2006 20:33:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5XL5-0001D6-CB for tls@ietf.org; Tue, 25 Jul 2006 20:33:27 -0400
Received: from mx1.redhat.com ([66.187.233.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5XL4-0006FY-4V for tls@ietf.org; Tue, 25 Jul 2006 20:33:27 -0400
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6Q0XPde010100 for <tls@ietf.org>; Tue, 25 Jul 2006 20:33:25 -0400
Received: from potter.sfbay.redhat.com (potter.sfbay.redhat.com [172.16.27.15]) by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id k6Q0XP4O007080 for <tls@ietf.org>; Tue, 25 Jul 2006 20:33:25 -0400
Received: from [127.0.0.1] (dhcp-172-16-25-208.sfbay.redhat.com [172.16.25.208]) by potter.sfbay.redhat.com (8.12.8/8.12.8) with ESMTP id k6Q0XMcm022656 for <tls@ietf.org>; Tue, 25 Jul 2006 20:33:24 -0400
Message-ID: <44C6B8C1.3040500@redhat.com>
Date: Tue, 25 Jul 2006 17:35:13 -0700
From: Wan-Teh Chang <wtchang@redhat.com>
User-Agent: Thunderbird 2.0a1 (Windows/20060724)
MIME-Version: 1.0
To: tls@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a8a20a483a84f747e56475e290ee868e
Cc:
Subject: [TLS] Suite B compliance of TLS 1.2
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1002661092=="
Errors-To: tls-bounces@lists.ietf.org

At the 2005 RSA Conference, the US National
Security Agency (NSA) announced Suite B Crytography
(http://www.nsa.gov/ia/industry/crypto_suite_b.cfm).
This suite of cryptographic algorithms includes AES,
ECDSA, ECDH, ECMQV, and SHA-256/SHA-384.

I'm interested in the Suite B compliance of TLS 1.2.
Simply put, it means the ability to do TLS 1.2 using
only Suite B algorithms.

The primary goal of TLS 1.2, to remove the protocol's
dependency on the MD5 and SHA-1 digest algorithms, is
in line with Suite B compliance.  I'd like to start
the discussion by proposing additional goals:
- merge in or reference RFC 4492
- add sha384 to the enumerated HashType
- define cipher suites whose MAC algorithm is Suite B
   compliant. Since Suite B doesn't include any MAC
   algorithms and the recent collision attack on SHA-1
   doesn't extend to HMAC-SHA-1, this goal may be
   controversial.

Wan-Teh Chang

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email