Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Gunnar Wolf <gwolf@gwolf.org> Tue, 02 June 2015 01:46 UTC

Date: Mon, 01 Jun 2015 20:46:53 -0500
From: Gunnar Wolf <gwolf@gwolf.org>
To: Aaron Zauner <azet@azet.org>
Message-ID: <20150602014653.GB56774@gwolf.org>
References: <556C4ACD.9040002@azet.org> <CABcZeBNsYmto4F-J0mFoxcq-qfL=NJrvDu67fyY9bpBmRp16mQ@mail.gmail.com> <556C51FC.807@azet.org>
In-Reply-To: <556C51FC.807@azet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/MDen9yYBFf1-hGvws4iFxLl0hBU>
Cc: Phillip Rogaway <rogaway@cs.ucdavis.edu>, TLS Mailing List <tls@ietf.org>, Charanjit Jutla <csjutla@us.ibm.com>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Aaron Zauner dijo [Mon, Jun 01, 2015 at 02:37:16PM +0200]:
> >      * I'd also like to get rid of ECDSA ciphersuites altogether, ideally
> >        leaving a few real-world, high-performance ciphersuites to use
> > 
> > 
> > I don't understand this point: ECDSA cipher suites are the ones with the
> > best performance at present.
> > 
> 
> Firstly, as far as I know it's also quite difficult to get ECDSA
> certificates in the wild. Has this changed significantly over the past
> couple of months? Second - there's a current draft on EdDSA, which I'd
> prefer over ECDSA, if somehow possible. I'm more about minimizing the
> list of cipher-suites this draft introduces than to point out that I
> dislike a particular signature scheme.

I'd venture to say that's a consequence of them having been around
much less time than the other schemes; not only have crypto
libraries had to gain widespread support for them to be interoperable
enough, but also the involved individuals/companies (mostly thinking
about CAs.