Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 01 June 2015 12:53 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E3801AC529 for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 05:53:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdgzWdDhxV2E for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 05:53:05 -0700 (PDT)
Received: from emh01.mail.saunalahti.fi (emh01.mail.saunalahti.fi [62.142.5.107]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C286F1ACD35 for <tls@ietf.org>; Mon, 1 Jun 2015 05:53:04 -0700 (PDT)
Received: from LK-Perkele-VII (a91-155-194-207.elisa-laajakaista.fi [91.155.194.207]) by emh01.mail.saunalahti.fi (Postfix) with ESMTP id 4C617900DD; Mon, 1 Jun 2015 15:53:02 +0300 (EEST)
Date: Mon, 01 Jun 2015 15:53:02 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Aaron Zauner <azet@azet.org>
Message-ID: <20150601125302.GA19269@LK-Perkele-VII>
References: <556C4ACD.9040002@azet.org> <CABcZeBNsYmto4F-J0mFoxcq-qfL=NJrvDu67fyY9bpBmRp16mQ@mail.gmail.com> <556C51FC.807@azet.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <556C51FC.807@azet.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/bQl75pLYbisOg0ub9EsRL7uPjf4>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 12:53:07 -0000
On Mon, Jun 01, 2015 at 02:37:16PM +0200, Aaron Zauner wrote: > Hi Ekr, > > Eric Rescorla wrote: > > On Mon, Jun 1, 2015 at 5:06 AM, Aaron Zauner <azet@azet.org > > <mailto:azet@azet.org>> wrote: > > > > * I'd also like to get rid of ECDSA ciphersuites alltogether, ideally > > leaving a few real-world, high-performance ciphersuites to use > > > > > > I don't understand this point: ECDSA cipher suites are the ones with the > > best performance at present. > > > > Firstly, as far as I know it's also quite difficult to get ECDSA > certificates in the wild. Has this changed significantly over the past > couple of months? Second - there's a current draft on EdDSA, which I'd > prefer over ECDSA, if somehow possible. I'm more about minimizing the > list of cipher-suites this draft introduces than to point out that I > dislike a particular signature schemes. Well, in TLS 1.2 (and editor's copy 1.3), one could maybe get away with just specifiying (EC)DHE_CERT ciphersuites, leaving certificate negotiation to extension. I think the current plan with EdDSA and related certficates are to reuse ECDSA codepoints, relying on extension (defined by RFC5246) to negotiate. With DH and ECDH codepoints, merging those is not possible in TLS 1.2. This is because DH would need parameters which don't exist for ECDH, and ECDH length field is insufficient for DH. Such merger could be possible for TLS 1.3, since DH has sufficient length field and does not require parameters not present for ECDH. -Ilari
- [TLS] AES-OCB in TLS [New Version Notification fo… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Eric Rescorla
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Eric Rescorla
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Ilari Liusvaara
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Hubert Kario
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Jeffrey Walton
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Peter Bowen
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Russ Housley
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Jeffrey Walton
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Yaron Sheffer
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Jeffrey Walton
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Daniel Kahn Gillmor
- [TLS] EDDSA/Curve25519 identifiers: Was Re: AES-O… Michael StJohns
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Michael Hamburg
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Daniel Kahn Gillmor
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Rob Stradling
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Michael Hamburg
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Gunnar Wolf
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Peter Gutmann
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Simon Josefsson
- Re: [TLS] EDDSA/Curve25519 identifiers: Was Re: A… Simon Josefsson
- Re: [TLS] EDDSA/Curve25519 identifiers: Was Re: A… Salz, Rich
- Re: [TLS] EDDSA/Curve25519 identifiers: Was Re: A… Peter Bowen
- Re: [TLS] EDDSA/Curve25519 identifiers: Was Re: A… Michael StJohns
- Re: [TLS] EDDSA/Curve25519 identifiers: Was Re: A… Nico Williams
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Aaron Zauner
- Re: [TLS] AES-OCB in TLS [New Version Notificatio… Matt Caswell