Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Russ Housley <housley@vigilsec.com> Thu, 27 March 2014 06:33 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Thu, 27 Mar 2014 02:32:27 -0400
To: Joseph Salowey <jsalowey@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KrVLuHdGUgHYafiBIsPNc4ygwrU
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

I'd like to ask a clarifying question.

Please look at RFC 6476.  In that document, Peter Gutmann uses traditional encryption and integrity functions to make an AEAD cipher.  Does this decision allow or prohibit such ciphers?

Russ


On Mar 26, 2014, at 2:43 PM, Joseph Salowey (jsalowey) wrote:

> TLS has supported a number of different cipher types for protecting the record layer.   In TLS 1.3 these include Stream Cipher, CBC Block Cipher and AEAD Cipher.  The construction of the CBC mode within TLS has been shown to be flawed and stream ciphers are not generally applicable to DTLS. Using a single mechanism for cryptographic transforms would make security analysis easier.   AEAD ciphers can be constructed from stream ciphers and block ciphers and are defined as protocol independent transforms.  The consensus in the room at IETF-89 was to only support AEAD ciphers in TLS 1.3. If you have concerns about this decision please respond on the TLS list by April 11, 2014.
> 
> Thanks,
> 
> Joe
> [Speaking for the TLS chairs]
>