Re: [TLS] AEAD only for TLS1.3 revisit
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 02 October 2014 07:30 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A31E1A0121 for <tls@ietfa.amsl.com>; Thu, 2 Oct 2014 00:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.586
X-Spam-Level:
X-Spam-Status: No, score=-3.586 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0dV1T_ucR_Bn for <tls@ietfa.amsl.com>; Thu, 2 Oct 2014 00:30:07 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 696E51A00FE for <tls@ietf.org>; Thu, 2 Oct 2014 00:30:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1412235007; x=1443771007; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=xK60BUKRLdlioUqw+VJsFrvV7UEZ667FjLXy+fB+p1M=; b=NWwK7HHW3219BnTqG6trR5pn0hAewKjDygIV81b3qzBAMUkGddTUL9C+ fRYi3MqjEAGCpYuCep3xoI46zQQpf/wrNavDvGcj9TE/d/m7fTxeOoDJ+ fDfhICfrynUAzzAbbO583s8/FExMR0VY9PfsoTczLbX52y76YMWoardXW M=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="279961462"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 02 Oct 2014 20:30:00 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.70]) by uxchange10-fe2.UoA.auckland.ac.nz ([169.254.27.86]) with mapi id 14.03.0174.001; Thu, 2 Oct 2014 20:30:00 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] AEAD only for TLS1.3 revisit
Thread-Index: Ac/eEqu9dVwppUQ6R+iEUqbjuJOv7A==
Date: Thu, 02 Oct 2014 07:29:58 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9BF853@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/WOsgg9gMC11-unkJb_JSZnN4rLo
Subject: Re: [TLS] AEAD only for TLS1.3 revisit
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 07:30:16 -0000
"Salz, Rich" <rsalz@akamai.com> writes: >Stick with TLS 1.2 The new version doesn't meet the customer needs. Stick >with the old one. Yes, some customers will be upset at not being able to use >the absolute latest standard. I'm not unsympathetic to that feeling, but my >empathy only goes so far. :) Unfortunately this doesn't work too well in practice, most industry standards bodies/groups always want to specify the latest version of any crypto protocol because, you know, it has a bigger number so it has to be more cromulent. While this can prove quite lucrative (and I'm thinking of the number of industry standards that mandated TLS 1.2 when next to no implementations were actually available), it does mean that you can't escape having to support every new protocol fashion statement that comes down the line. (Hmm, come to think of it I never tried advertising TLS 1.2 when someone asked for it but always falling back to 1.1, that would give "TLS 1.2" but still interoperate with other implementations that hadn't got past 1.1). Peter.
- [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Salz, Rich
- Re: [TLS] AEAD only for TLS1.3 revisit Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] AEAD only for TLS1.3 revisit Joseph Salowey (jsalowey)
- Re: [TLS] AEAD only for TLS1.3 revisit Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Martin Thomson
- Re: [TLS] AEAD only for TLS1.3 revisit Joseph Salowey (jsalowey)
- Re: [TLS] AEAD only for TLS1.3 revisit Joseph Salowey (jsalowey)
- Re: [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Stephen Farrell
- Re: [TLS] AEAD only for TLS1.3 revisit Nikos Mavrogiannopoulos
- Re: [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Salz, Rich
- Re: [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Dan Harkins
- Re: [TLS] AEAD only for TLS1.3 revisit Ilari Liusvaara
- Re: [TLS] AEAD only for TLS1.3 revisit Michael StJohns
- Re: [TLS] AEAD only for TLS1.3 revisit Salz, Rich
- Re: [TLS] AEAD only for TLS1.3 revisit Peter Gutmann
- Re: [TLS] AEAD only for TLS1.3 revisit Hubert Kario
- Re: [TLS] AEAD only for TLS1.3 revisit Salz, Rich
- Re: [TLS] AEAD only for TLS1.3 revisit Peter Gutmann