RE: [TLS] Suite B compliance of TLS 1.2

"Blumenthal, Uri" <uri.blumenthal@intel.com> Wed, 26 July 2006 20:44 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5qF5-00038r-Pd; Wed, 26 Jul 2006 16:44:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5qF4-00038G-IA for tls@ietf.org; Wed, 26 Jul 2006 16:44:30 -0400
Received: from mga01.intel.com ([192.55.52.88] helo=fmsmga101-1.fm.intel.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5qF3-00022C-3C for tls@ietf.org; Wed, 26 Jul 2006 16:44:30 -0400
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101-1.fm.intel.com with ESMTP; 26 Jul 2006 13:37:13 -0700
Received: from fmsmsx333.fm.intel.com (HELO fmsmsx333.amr.corp.intel.com) ([132.233.42.2]) by fmsmga001.fm.intel.com with ESMTP; 26 Jul 2006 13:37:00 -0700
X-IronPort-AV: i="4.07,185,1151910000"; d="scan'208"; a="105235211:sNHT4764088042"
Received: from fmsmsx311.amr.corp.intel.com ([132.233.42.214]) by fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 13:36:59 -0700
Received: from hdsmsx412.amr.corp.intel.com ([10.127.2.72]) by fmsmsx311.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 13:36:41 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Suite B compliance of TLS 1.2
Date: Wed, 26 Jul 2006 16:36:37 -0400
Message-ID: <279DDDAFA85EC74C9300A0598E7040565DC343@hdsmsx412.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Suite B compliance of TLS 1.2
Thread-Index: Acaw8XnYJ30mjGzfR36ySRk6fBtNdwAAQ9+g
From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: <tls@ietf.org>
X-OriginalArrivalTime: 26 Jul 2006 20:36:41.0164 (UTC) FILETIME=[3358D8C0:01C6B0F3]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

I think that (a) specifying a reliable hash-function, and (b) defining
self-consistent ciphersuites is a requirement that we must satisfy - and
NOT a "feature-creep".

The smallest iteration on base spec is to keep SSLv3. And it is already
deployed.

-----Original Message-----
From: Martin Rex [mailto:martin.rex@sap.com] 
Sent: Wednesday, July 26, 2006 4:20 PM
To: Blumenthal, Uri
Cc: martin.rex@sap.com; tls@ietf.org
Subject: Re: [TLS] Suite B compliance of TLS 1.2

Blumenthal, Uri wrote:
> 
> I.e. you're arguing that cryptography is the strongest link in the
> Navigator and similar products, and therefore efforts should be made
in
> addressing the weaknesses, not improving what's already "strong"? Then
I
> sympathize, but...
> 
> To this my answer would be: we as TLS WG have no power over
> implementation bugs. However we have the power to make sure that the
> specified cryptography is not only "Navigator's strongest link" but is
> strong according to the today's cryptologic science and technology.

I was thinking in a more general fashion, and I'm getting off-topic.

This is more geared towards "where do we as the IETF" should we put
our efforts.

Within the IETF we have been having a problem of insufficient
"cross-pollination" between the security area and the other areas,
because we security geeks are constantly busy improving our own
stuff and making it ever more complex.  We do not spent sufficient
time to help the non-security guys to use the existing standards
and protocols, even those that are already pretty good.

Within Software development (in particular when one is not a
niche-only provider of just a particular middleware component),
there are limits to the available resources, what one can buy
(if it is OEM) or what one can do (if you're implementing it yourself).


I want to slightly caution about feature creep.  There was a discussion
at the IETF plenary about why so few documents/protocol advance on the
standards track, and feature creep is the predominant reason.


For the integrity protection, TLS is about protecting online
communication
and therefore must provide integrity protection against real-time
attacks.
The encryption algorithms, on the other hand, should be strong enough
to provide confidentiality for many years.  Digital signatures on
archived documents is the area that has to focus on updating their
hash algorithms.


The "smaller" an iteration of the base spec is, the more likely
it will be implemented/adopted widely, and the more likely there
will be interoperability on newer features, because of the
lower cost to implement/adopt it.


-Martin

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls