Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Peter Gutmann <> Tue, 29 April 2014 15:56 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2D0F81A090A for <>; Tue, 29 Apr 2014 08:56:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fIpeOn7QWDGF for <>; Tue, 29 Apr 2014 08:55:57 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id EC8411A08DB for <>; Tue, 29 Apr 2014 08:55:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=uoa; t=1398786956; x=1430322956; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=bBy7gJR9C0RciUhEeUY5eI/BNde0i8GAzlzJ0UOAkmE=; b=OLO2ufuiVTHy/3tZ50L4n09HABGJHX6WtTWkspIA0GslmT5b8dDx4y4J 8WgeoMIu4fbhTxsJ6mOBfVIgxs4N3WCXC5fBPVoVguQ3rendPE+FmixFp 93ofrlngnRqhl+WDGVp928g6nzsIaAfkoTKYd8Ll3OwzQTne0843j0Y+5 g=;
X-IronPort-AV: E=Sophos;i="4.97,951,1389697200"; d="scan'208";a="249373904"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES128-SHA; 30 Apr 2014 03:55:55 +1200
Received: from ([]) by ([]) with mapi id 14.03.0174.001; Wed, 30 Apr 2014 03:55:54 +1200
From: Peter Gutmann <>
To: "<>" <>
Thread-Topic: [TLS] Confirming Consensus on supporting only AEAD ciphers
Thread-Index: Ac9jw4B82N4QNQZ+TAK0cXf/4WEl0g==
Date: Tue, 29 Apr 2014 15:55:54 +0000
Message-ID: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] Confirming Consensus on supporting only AEAD ciphers
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 29 Apr 2014 15:56:03 -0000

Fedor Brunner <> writes:

>The Mandatory Cipher Suite for TLS 1.2 was TLS_RSA_WITH_AES_128_CBC_SHA. What
>is the mandatory cipher in TLS 1.3 ? Maybe
>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 using Curve25519 for ECDHE ?

Ugh, no.  That takes the ciphers from <industry-standard>+<industry-standard>
+<industry-standard> to <oddball-nonstandard>+<oddball-nonstandard>+<oddball-
nonstandard>+<industry-standard>.  Make the defaults something that can be
implemented with a standard crypto library, and leave the oddball stuff as
optional fashion statements.

(No disrespect intended for the algorithms I've designated as "oddball", but I
want something where the default is built from standard, accepted, widely-
recognised algorithms so I don't have to explain to every customer what
ChaCha20 is and why it's being used to protect their banking transactions).