Re: [TLS] Registering SHA256 null encryption ciphersuites
Patrick Pelletier <code@funwithsoftware.org> Wed, 06 June 2012 07:35 UTC
Return-Path: <code@funwithsoftware.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F25B21F85AD for <tls@ietfa.amsl.com>; Wed, 6 Jun 2012 00:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.185
X-Spam-Level:
X-Spam-Status: No, score=-0.185 tagged_above=-999 required=5 tests=[BAYES_40=-0.185]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jGpoHbFG5bND for <tls@ietfa.amsl.com>; Wed, 6 Jun 2012 00:35:47 -0700 (PDT)
Received: from asbnvacz-mailrelay01.megapath.net (asbnvacz-mailrelay01.megapath.net [207.145.128.243]) by ietfa.amsl.com (Postfix) with ESMTP id DC23221F85A3 for <tls@ietf.org>; Wed, 6 Jun 2012 00:35:29 -0700 (PDT)
Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.39]) by asbnvacz-mailrelay01.megapath.net (Postfix) with ESMTP id 0934C3CB148 for <tls@ietf.org>; Wed, 6 Jun 2012 03:29:51 -0400 (EDT)
Received: (qmail 4819 invoked from network); 6 Jun 2012 07:29:41 -0000
Received: by simscan 1.4.0 ppid: 18881, pid: 31332, t: 1.2360s scanners: clamav: m:
Received: from dsl017-096-185.lax1.dsl.speakeasy.net (HELO PatrickMBP.local) (ppelleti@[69.17.96.185]) (envelope-sender <code@funwithsoftware.org>) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <tls@ietf.org>; 6 Jun 2012 07:29:40 -0000
Message-ID: <4FCF06DB.6050302@funwithsoftware.org>
Date: Wed, 06 Jun 2012 00:29:31 -0700
From: Patrick Pelletier <code@funwithsoftware.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: tls@ietf.org
References: <AAE0766F5AF36B46BAB7E0EFB92732060686EE495F@GBTWK10E001.Technology.local>
In-Reply-To: <AAE0766F5AF36B46BAB7E0EFB92732060686EE495F@GBTWK10E001.Technology.local>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Registering SHA256 null encryption ciphersuites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 07:35:48 -0000
On 5/30/12 2:23 AM, Lewis, Nick wrote: > Although not required in our application, is it also worth including > ECDH_anon_WITH_NULL_SHA256 and SHA384 variants of the ciphersuites too? I could easily be missing something, but what would the intended use of this ciphersuite (or any "*_anon_WITH_NULL_*" ciphersuite) be? Since it has no encryption, it doesn't offer any protection against passive eavesdroppers. But since it has no authentication, it doesn't offer any protection against active attackers. What sort of attack is it meant to protect against? (There is currently one "*_anon_WITH_NULL_*" ciphersuite registered with IANA, TLS_ECDH_anon_WITH_NULL_SHA, and my puzzlement extends to that ciphersuite, as well.) --Patrick
- [TLS] Registering SHA256 null encryption ciphersu… Lewis, Nick
- Re: [TLS] Registering SHA256 null encryption ciph… Patrick Pelletier
- Re: [TLS] Registering SHA256 null encryption ciph… Lewis, Nick