Re: [TLS] (offline note) Re: Confirming Consensus on supporting only AEAD ciphers
Michael StJohns <msj@nthpermutation.com> Tue, 06 May 2014 16:35 UTC
On 5/6/2014 12:20 PM, Martin Rex wrote:
> I can not correlate your most recent response to the prior question:
>
>> Michael StJohns wrote:
>>> Sorry - I'm coming late here. Does this also imply the complete
>>> elimination of the integrity only cipher suites?
> I understand this to refer to these cipher suites:
> CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
> CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
>
> which provide authentication PLUS integrity, but no confidentiality.

That and about 2 dozen others that are WITH_NULL.

>
> Rene Struik wrote:
>> In general, an AEAD mode takes as input two strings a and m and a key k,
>> and authenticates a and m, while encrypting m. If m is the empty string,
>> this results in an authentication-only mode.
>>
>> Thus, AEAD modes can be used to provide suitable combinations of
>> authentication and/or encryption. Examples hereof include the GCM mode
>> and CCM mode.
> Now this seems to refer to an idea to provide only (initial) authentication,
> but no integrity protection of the actual application data (m).

Nope. AEAD ciphers provide integrity protection across the entire
message, plaintext and associated data. So if the message consists only
of associated data, that associated data is still protected.

(m) and (a) together are the application data, not solely (m). (m) is
just the data to be encrypted.

Mike

>
> -Martin
>
>
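
The point discussed in this message, an AEAD invoked with an empty plaintext m and all data passed as associated data a, can be reproduced with AES-128-GCM from Go's standard library. This is an added example, not code from any participant in the thread or from a TLS implementation; the function names and the sample record are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-128-GCM under a freshly generated random key.
func newGCM() (cipher.AEAD, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAuthOnly passes a as associated data with an empty plaintext m.
// Nothing is encrypted, so the AEAD output is the authentication tag alone.
func sealAuthOnly(aead cipher.AEAD, a []byte) (nonce, tag []byte, err error) {
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, nil, a), nil
}

// verifyAuthOnly reports whether tag authenticates a under nonce.
func verifyAuthOnly(aead cipher.AEAD, nonce, tag, a []byte) bool {
	_, err := aead.Open(nil, nonce, tag, a)
	return err == nil
}

func main() {
	aead, err := newGCM()
	if err != nil {
		panic(err)
	}
	a := []byte("constructed record: sent in the clear, still authenticated")
	nonce, tag, err := sealAuthOnly(aead, a)
	if err != nil {
		panic(err)
	}
	fmt.Println("tag bytes:", len(tag), "valid:", verifyAuthOnly(aead, nonce, tag, a))
	a[0] ^= 0x01 // flip one bit of the associated data
	fmt.Println("after tampering, valid:", verifyAuthOnly(aead, nonce, tag, a))
}
```
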