Re: [TLS] New version of draft-ietf-tls-psk-new-mac-aes-gcm
badra@isima.fr Fri, 26 September 2008 21:54 UTC
Date: Fri, 26 Sep 2008 23:53:38 +0200
From: badra@isima.fr
To: Mark Tillinghast <Mark_Tillinghast@symantec.com>
Cc: tls@ietf.org

Dear Mark,

Thank you for your comments.

> Regarding
> http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-new-mac-aes-gcm-03.txt
>
> 1. Please Replace:
>    Due to recent analytic work on SHA-1 [Wang05], the IETF
>    is gradually moving away from SHA-1 and towards stronger hash
>    algorithms.
>
> with:
>    Due to recent analytic work on SHA-1 [Wang05], the IETF
>    is moving away from SHA-1 and towards stronger hash
>    algorithms.

OK

> 2. I think it would be good to see some comment in the 4. security
> considerations regarding NULL_SHA384 NULL_SHA256.

What about adopting the same text of RFC 4785:

OLD:

   The security considerations in [RFC4279], [RFC4758] and [RFC5288]
   apply to this document as well. In addition, as described in
   [RFC5288], these cipher suites may only be used with TLS 1.2 or
   greater.

NEW:

   The security considerations in [RFC4279], [RFC4758] and [RFC5288]
   apply to this document as well. In particular, as
   authentication-only ciphersuites (with no encryption) defined here
   do not support confidentiality, care should be taken not to send
   sensitive information (such as passwords) over connections
   protected with one of the ciphersuites with NULL encryption defined
   in this document.

   As described in [RFC5288], the cipher suites defined in this
   document may only be used with TLS 1.2 or greater.

> Thanks,
> Mark

Best regards,
Badra
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls