Re: [TLS] Comments on various things on agenda (Was: Re: TLS Interim - update and agenda)

Dave Garrett <davemgarrett@gmail.com> Sun, 08 March 2015 18:50 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/YcnqRWC7TQOwuj70vPq-TA8lw_c>

On Sunday, March 08, 2015 02:36:15 pm Eric Rescorla wrote:
> On Sun, Mar 8, 2015 at 11:24 AM, Dave Garrett <davemgarrett@gmail.com> wrote:
> > On Sunday, March 08, 2015 02:03:10 pm Ilari Liusvaara wrote:
> > > MTI cipher suites:
> > > ------------------
> > > I see there being only two realistic AEAD ciphers:
> > >
> > > - AES-GCM (if you have hardware support)
> > > - Chacha20-Poly1305-AEAD (no need for hardware support)
> >
> > On this topic, a thought to consider:
> > If Chacha20-Poly1305-AEAD were made MTI for TLS 1.3, that would greatly
> > increase roll-out of the new cipher. AES-GCM could be listed as SHOULD
> > support. Existing TLS 1.2 implementations generally support it already, so
> > this would most likely provide two cipher suites that most can be expected
> > to have available. On the other hand, if AES-GCM were chosen as MTI, then
> > we would have to rely on merely encouraging implementations to consider
> > alternatives.
> 
> I tend to take the opposite attitude. The purpose of MTI is to provide a guaranteed
> minimum for interoperability, and given that GCM is generally supported, that
> seems like the natural choice.

It is of course the obvious choice, which is why I'm speaking up to encourage an alternative. TLS 1.3 is on track to have a one-true-cipher of AES-GCM, with alternatives slowly coming into play. This is something many would like to avoid, so a different decision here could affect that. ChachaPoly also has the benefit of playing nice with hardware, making MTI potentially easier on some. It's not a bad decision if AES-GCM is picked as MTI, but I do think it is very much worth considering the total end result and not just the minimum interop.


Dave