Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?

Benjamin Beurdouche <benjamin.beurdouche@inria.fr> Wed, 16 March 2016 19:27 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/PeIu0uTMntZccfDuODbwP1M_5J0>

Hi all!

> On 16 Mar 2016, at 19:49, Colm MacCárthaigh <colm@allcosts.net> wrote:
>
> On Wed, Mar 16, 2016 at 2:14 PM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:
> > Much better would be implementing an optional padding feature for the AEAD
> > modes. Something like this draft proposes:
> >
> > https://tools.ietf.org/html/draft-pironti-tls-length-hiding-02
>
> I hadn't seen that! I wonder is there an appetite here for including more robust LH in TLS1.2 in some form? I mean a real one; as in - let’s get it into servers and browsers sooner than TLS1.3.

FYI, the experimental length-hiding feature from miTLS described by Alexandre earlier implements the draft specification linked by Kenny…

Best, 
B.