Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis

Joe Hall <joe@cdt.org> Mon, 26 January 2015 18:47 UTC

Return-Path: <jhall@cdt.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9332C1ACDDC for <tls@ietfa.amsl.com>; Mon, 26 Jan 2015 10:47:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dtrD78S6FWYe for <tls@ietfa.amsl.com>; Mon, 26 Jan 2015 10:47:12 -0800 (PST)
Received: from mail-la0-f50.google.com (mail-la0-f50.google.com [209.85.215.50]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AFA41ACDDB for <tls@ietf.org>; Mon, 26 Jan 2015 10:47:12 -0800 (PST)
Received: by mail-la0-f50.google.com with SMTP id hs14so9258835lab.9 for <tls@ietf.org>; Mon, 26 Jan 2015 10:47:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=PAl9Lc/NbT3zQMHHAEu5KcOnx2iBlNZ5se3tuATr2bo=; b=WNJJYGRGQ6hWywp1Ki5ye9GyO+HzaX594ypPFnxEslFYXBIC0wWFnh8w4V0Q5p/Iv/ r0iREsME/kh0o/k7Fu8PIJpmJLYuMTMIMGObJNxNXtZYFvJ+qQptiqOhw/jz3vgwnfRo iZnGCkovpNkWZaS6KiuCw7Qe0JjjRtApJC5OrdKPiaSzMJeck7wATaSbZkVRwdB9MfHl OVT7vLM1lvyWN0IJNJHMO2W5lHCWo3bVg4fFqulRMOKnHlSGrP81PLpMVQy3XmtWvhq7 Vj3NU6KoVHCrELZThjH8B0DgqjjhmxJg0IPH74ySFrxai1rHoAKPc9U/6rSaR0P+uynZ kvlg==
X-Gm-Message-State: ALoCoQnjPJ6XVTWMbjbEH6YamTLWwFqWmdL7PqZLVWkPFkg1SBf8CgFKqmk4zL79ghT32hmeHnHF
X-Received: by 10.152.88.44 with SMTP id bd12mr3232792lab.86.1422298030726; Mon, 26 Jan 2015 10:47:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.211.132 with HTTP; Mon, 26 Jan 2015 10:46:49 -0800 (PST)
In-Reply-To: <CA+cU71=Zs3zkfsxiYev-E9Wqg=nYTtUbiizoJCJ4QUVc=qpRRw@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF525B9@uxcn10-tdc05.UoA.auckland.ac.nz> <D0D16976.3BD1D%kenny.paterson@rhul.ac.uk> <54B54A5F.7020401@polarssl.org> <D0DB0820.3C588%kenny.paterson@rhul.ac.uk> <CACsn0c=oYuUhkPi2QO=qPy95X4v+xXViTyi+XzyRrO1BKLnnLg@mail.gmail.com> <D0DB1039.3C5D9%kenny.paterson@rhul.ac.uk> <CACsn0ck-2_348SkASvkCrP7r3HoD-G8t590WRzWkQpj6TjBMqg@mail.gmail.com> <CABkgnnWLUsKuJ71dbpSps5bErbrjGnYe-_BjDpJGmMkD-O0BUw@mail.gmail.com> <54B65AF0.1080503@metaparadigm.com> <CABkgnnUmoA4mMqbgVaKgebmC-PzvSBeRQ_=eoCSaNp9C2mtg=Q@mail.gmail.com> <CA+cU71=Zs3zkfsxiYev-E9Wqg=nYTtUbiizoJCJ4QUVc=qpRRw@mail.gmail.com>
From: Joe Hall <joe@cdt.org>
Date: Mon, 26 Jan 2015 13:46:49 -0500
Message-ID: <CABtrr-VJRqw6oG6e7DxuBaXq8DM2Y9WxLjJ=Z9BEchceoh00ow@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/N5-pIK2IwJGUbzSvzCBquNnYdiY>
Cc: =?UTF-8?Q?Manuel_P=C3=A9gouri=C3=A9=2DGonnard?= <mpg@polarssl.org>, tls@ietf.org
Subject: Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jan 2015 18:47:13 -0000

On Fri, Jan 23, 2015 at 8:26 PM, Tom Ritter <tom@ritter.vg>; wrote:
>
> On Jan 14, 2015 11:20 AM, "Martin Thomson" <martin.thomson@gmail.com>; wrote:
>>
>> On 14 January 2015 at 04:02, Michael Clark <michael@metaparadigm.com>;
>> wrote:
>> > Interesting. Should draft-pironti-tls-length-hiding-01 be added to
>> > Related Active Documents (not working group documents) section
>>
>> That's an automatically generated list.  I suspect the reason that it
>> doesn't appear is that it is presently expired.
>
> Something I feel very bad about. I am a big proponent of making length
> hiding possible in 1.3 and need to find time to put more effort into this.
> I encourage the chairs or WG to bug me if they don't see anything about this
> in a timeframe they expect.

Wasn't the discussion in Denver of the flavor that applications will
have to do length-hiding right if they want it to be secure so it
doesn't make sense to do it in TLS? I'm probably mischaracterizing
that, but I thought the outcome was more definitive than "maybe
someone will get to it". (i.e., some thought it would be a bad idea to
do it at all as it would be easy for applications to use it in an
insecure manner)

Apologies if this question is horribly naive. best, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871