Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Sat, 26 April 2014 15:24 UTC
Return-Path: <jsalowey@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F03B1A0503 for <tls@ietfa.amsl.com>; Sat, 26 Apr 2014 08:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.773
X-Spam-Level:
X-Spam-Status: No, score=-9.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4SS499PbVMfU for <tls@ietfa.amsl.com>; Sat, 26 Apr 2014 08:24:32 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) by ietfa.amsl.com (Postfix) with ESMTP id 1973B1A04F6 for <tls@ietf.org>; Sat, 26 Apr 2014 08:24:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1214; q=dns/txt; s=iport; t=1398525865; x=1399735465; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=3vQoDXw2SlJYg4y5yWKzQO95nIfcjGHOOW5cxBZEQoU=; b=LgAl1ODPzmfWcSgJ7XBg7TacbqnBj3NZcobeynHzPl2XMdLGWC2veeFt +OPGLVkRiejjACSMTjTNzn8tMulSEUrwtkbyzMSqg+TMmgfiVlNemUp/M VggmcOCIn35KR6MDxHbElC1zZCzg4tF2yX1r62dlzS/1k9F/4FF4DnN4Y o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtQFAMDOW1OtJA2B/2dsb2JhbABZgwZPSwEBCr0hhzmBCxZ0giUBAQEDAQEBATc0CwULAgEINhAnCyUCBA4FiDkIDcoCEwSOJjMHgySBFQSZDJJegzGCKw
X-IronPort-AV: E=Sophos;i="4.97,933,1389744000"; d="scan'208";a="38999400"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-3.cisco.com with ESMTP; 26 Apr 2014 15:24:24 +0000
Received: from xhc-rcd-x14.cisco.com (xhc-rcd-x14.cisco.com [173.37.183.88]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id s3QFOOGh016475 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <tls@ietf.org>; Sat, 26 Apr 2014 15:24:24 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.100]) by xhc-rcd-x14.cisco.com ([173.37.183.88]) with mapi id 14.03.0123.003; Sat, 26 Apr 2014 10:24:24 -0500
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Thread-Topic: [TLS] Confirming Consensus on supporting only AEAD ciphers
Thread-Index: AQHPSSM6qiIeFUDRHUase0LCUT6SLpskiL+A
Date: Sat, 26 Apr 2014 15:24:22 +0000
Message-ID: <84C4848E-7843-4372-93AA-C1F017C3E088@cisco.com>
References: <86E69268-DC0A-43E7-8CF5-0DAE39FD4FD5@cisco.com>
In-Reply-To: <86E69268-DC0A-43E7-8CF5-0DAE39FD4FD5@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.85.164.213]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <AFBCFC09A8FBED46A9983F7456CFE890@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/TFhtZ--Fbed39F7w5l3t3BwL0UA
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 15:24:34 -0000
The consensus from the IETF-89 meeting holds, TLS 1.3 will only use record layer protection of type AEAD. The Editor is requested to make the appropriate changes to the draft on github. Joe [For the chairs] On Mar 26, 2014, at 11:43 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote: > TLS has supported a number of different cipher types for protecting the record layer. In TLS 1.3 these include Stream Cipher, CBC Block Cipher and AEAD Cipher. The construction of the CBC mode within TLS has been shown to be flawed and stream ciphers are not generally applicable to DTLS. Using a single mechanism for cryptographic transforms would make security analysis easier. AEAD ciphers can be constructed from stream ciphers and block ciphers and are defined as protocol independent transforms. The consensus in the room at IETF-89 was to only support AEAD ciphers in TLS 1.3. If you have concerns about this decision please respond on the TLS list by April 11, 2014. > > Thanks, > > Joe > [Speaking for the TLS chairs] > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Confirming Consensus on supporting only AEA… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Russ Housley
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Peter Gutmann
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Watson Ladd
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Fedor Brunner
- Re: [TLS] Confirming Consensus on supporting only… Peter Gutmann
- Re: [TLS] Confirming Consensus on supporting only… Watson Ladd
- Re: [TLS] Confirming Consensus on supporting only… Peter Bowen
- Re: [TLS] Confirming Consensus on supporting only… Michael D'Errico
- Re: [TLS] Confirming Consensus on supporting only… Martin Thomson
- Re: [TLS] Confirming Consensus on supporting only… Ralph Holz
- Re: [TLS] Confirming Consensus on supporting only… Michael D'Errico
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Martin Rex
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Fedor Brunner
- [TLS] (offline note) Re: Confirming Consensus on … Rene Struik
- Re: [TLS] (offline note) Re: Confirming Consensus… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on supporting only… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Martin Rex
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] (offline note) Re: Confirming Consensus… Manuel Pégourié-Gonnard
- Re: [TLS] (offline note) Re: Confirming Consensus… Michael StJohns
- Re: [TLS] Confirming Consensus on supporting only… Manuel Pégourié-Gonnard
- Re: [TLS] Confirming Consensus on supporting only… Eric Rescorla
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Martin Thomson
- [TLS] [PATCH] Clean up removal of all non-AEAD mo… Daniel Kahn Gillmor
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Eric Rescorla
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Daniel Kahn Gillmor
- Re: [TLS] [PATCH] Clean up removal of all non-AEA… Eric Rescorla