RE: [TLS] Suite B compliance of TLS 1.2
"Blumenthal, Uri" <uri.blumenthal@intel.com> Wed, 26 July 2006 23:45 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5t4Q-00069G-4a; Wed, 26 Jul 2006 19:45:42 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5t4O-00069B-Ki for tls@ietf.org; Wed, 26 Jul 2006 19:45:40 -0400
Received: from mga01.intel.com ([192.55.52.88] helo=fmsmga101-1.fm.intel.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5t4N-00073O-4f for tls@ietf.org; Wed, 26 Jul 2006 19:45:40 -0400
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101-1.fm.intel.com with ESMTP; 26 Jul 2006 16:43:27 -0700
Received: from fmsmsx333.fm.intel.com (HELO fmsmsx333.amr.corp.intel.com) ([132.233.42.2]) by fmsmga001.fm.intel.com with ESMTP; 26 Jul 2006 16:43:26 -0700
X-IronPort-AV: i="4.07,185,1151910000"; d="scan'208"; a="105398125:sNHT20020042"
Received: from fmsmsx312.amr.corp.intel.com ([132.233.42.227]) by fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 16:43:26 -0700
Received: from hdsmsx412.amr.corp.intel.com ([10.127.2.72]) by fmsmsx312.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 16:43:05 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Suite B compliance of TLS 1.2
Date: Wed, 26 Jul 2006 19:43:02 -0400
Message-ID: <279DDDAFA85EC74C9300A0598E7040565DC3F6@hdsmsx412.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Suite B compliance of TLS 1.2
Thread-Index: AcaxBlaseKnswC6JTpWmPh5Zh0bTZgAAE0dg
From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: tls@ietf.org
X-OriginalArrivalTime: 26 Jul 2006 23:43:05.0432 (UTC) FILETIME=[3DB0B580:01C6B10D]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Both from my personal opinion as a cryptographer and from a political point of view - one may argue about whether all the OTHER ciphersuites are worth the effort that you so succintly described. Suite B is beyond contest. Protocols WILL migrate to it, like it or not. One might add that Suite B beats other defined ciphersuites and is comparable in strength to the current Russian crypto standard - and I have deep respect for the later. I think enough has been said on this subject. Except that yes there are real benefits - but you need to look deeply at the algorithms to understand it. -----Original Message----- From: Martin Rex [mailto:martin.rex@sap.com] Sent: Wednesday, July 26, 2006 6:38 PM To: Blumenthal, Uri Subject: Re: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri wrote: > > >To me "Suite B compliance of TLS 1.2" sounds like adding several new > >algorithms to the base spec with at least "RECOMMENDED" status, > >and not like "we already have all hooks for proprietary extensions, > >go and write an informational draft if you care". > > In the future it may well be that Suite B ends up being the only > mandatory-to-implement ciphersuite. > > Regardless, I don't understand your comment. New crypto algorithms cause a lot of resources to be burnt, so one should not do it just for the fun of it. Things that come to mind: - export approvals that some governments require - import approvals that some governments require - usage approvals that customers in some countries require - module re-evaluation/re-certification in some cases - implementation&test, interoperability tests - legal dep. will require another risk assessment because of IP issues etc. So if there is no real benefit we should be wary to put it into the base standard because of all the resources that implementors and vendors (incl. OEM vendors) will have to spend on it. The resources that gets spent here will be missing in other areas, where improving the security might be magnitudes more important -- or it will not be adopted by a significant number of installations. As a standars body, all IETF working groups should have an interest in broad adoption of their standards and smooth interoperability. Complexity and feature-creep (to cater niches) are part of the problem trying to reach that goal, not part of the solution. Regards, -Martin _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 David Hopwood
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Vipul Gupta