Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 28 March 2014 09:14 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_1ij64M3IDifoTSru4SUwH-IEAk

On Fri, 2014-03-28 at 04:42 +0000, Joseph Salowey (jsalowey) wrote:

> >> Please look at RFC 6476.  In that document, Peter Gutmann uses traditional
> >> encryption and integrity functions to make an AEAD cipher.  Does this
> >> decision allow or prohibit such ciphers?
> > 
> > I had a similar question, the EtM draft uses the existing CBC as part of an
> > AEAD mechanism, in a manner that requires minimal changes and no
> > implementation of new cipher modes.  Does that count as AEAD, or does it have
> > to be a combined cipher mode?
> [Joe] I don't think it counts as an AEAD mechanism.  It is not using the AEAD cipher type defined in RFC 5246.  You could define EtM using CBC so that it fits the AEAD interface.

I don't think this is possible. Don't forget that the AEAD mechanism in
TLS is only applicable to stream ciphers, i.e., for ciphers where
plaintext equals ciphertext. So moving everything to "AEAD" would have
to create a new AEAD mode.

Overall, I think that this discussion about allowing only the true
"AEAD" is pointless. All TLS ciphersuites are Authenticated Encryption
by definition and there is no advantage in requiring them to fit into the
TLS true "AEAD" mode.

regards,
Nikos