Re: [TLS]  New version of draft-ietf-tls-psk-new -mac-aes-gcm

"Mark Tillinghast" <Mark_Tillinghast@symantec.com> Fri, 26 September 2008 22:20 UTC

I am good with 4 Security Considerations amendments. That was exactly what I was hoping for.
Thanks
Mark


-----Original Message-----
From: badra@isima.fr [mailto:badra@isima.fr] 
Sent: Friday, September 26, 2008 2:54 PM
To: Mark Tillinghast
Cc: tls@ietf.org
Subject: Re: [TLS] New version of draft-ietf-tls-psk-new -mac-aes-gcm

Dear Mark,

Thank you for your comments.

> Regarding
> http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-new-mac-aes-gcm-03.txt
>
> 1. Please Replace:
> Due to recent analytic work on SHA-1 [Wang05], the IETF
>    is gradually moving away from SHA-1 and towards stronger hash
>    algorithms.
>
> with:
> Due to recent analytic work on SHA-1 [Wang05], the IETF
>    is moving away from SHA-1 and towards stronger hash
>    algorithms.

OK

> 2. I think it would be good to see some comment in the 4. security
> considerations regarding NULL_SHA384 NULL_SHA256.

What about adopting the same text of RFC 4785:

OLD:
   The security considerations in [RFC4279], [RFC4758] and [RFC5288]
   apply to this document as well.  In addition, as described in
   [RFC5288], these cipher suites may only be used with TLS 1.2 or
   greater.

NEW:
   The security considerations in [RFC4279], [RFC4758] and [RFC5288]
   apply to this document as well.  In particular, as authentication-only
   ciphersuites (with no encryption) defined here do not support
   confidentiality, care should be taken not to send sensitive information
   (such as passwords) over connections protected with one of the
   ciphersuites with NULL encryption defined in this document.

   As described in [RFC5288], the cipher suites defined in this document
   may only be used with TLS 1.2 or greater.

> Thanks,
> Mark

Best regards,
Badra
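
Added example, not part of the original messages or of the draft: a Python sketch of the two constraints in the proposed Security Considerations text (no sensitive data over the NULL-encryption suites, and TLS 1.2 or greater). The function names, the payload_is_sensitive flag and the sample offer are assumptions made for illustration.

```python
import re

# Names follow the IANA pattern TLS_<kx>_WITH_<cipher>_<hash>. Only the
# SHA-256/SHA-384 PSK family discussed in the thread is accepted.
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>(?:DHE_|RSA_)?PSK)_WITH_(?P<enc>.+)_(?P<mac>SHA256|SHA384)$"
)
TLS_1_2 = (3, 3)  # ProtocolVersion {major, minor} used on the wire by TLS 1.2


def parse_suite(name):
    """Split a PSK cipher suite name into (key exchange, cipher, hash)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a SHA-256/SHA-384 PSK suite: {name}")
    return m.group("kx"), m.group("enc"), m.group("mac")


def is_auth_only(name):
    """True for authentication-only suites, i.e. NULL encryption."""
    return parse_suite(name)[1] == "NULL"


def auth_only_suites(offer):
    """Return the suites in a configured offer that give no confidentiality."""
    return [s for s in offer if is_auth_only(s)]


def check_connection(version, suite, payload_is_sensitive):
    """Return the policy violations for one negotiated connection."""
    problems = []
    if version < TLS_1_2:
        problems.append("suite requires TLS 1.2 or greater")
    if is_auth_only(suite) and payload_is_sensitive:
        problems.append("sensitive data over NULL-encryption suite")
    return problems


# Constructed sample input (assumption, not taken from the thread).
SAMPLE_OFFER = [
    "TLS_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_PSK_WITH_NULL_SHA256",
    "TLS_DHE_PSK_WITH_NULL_SHA384",
    "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
]

if __name__ == "__main__":
    print(auth_only_suites(SAMPLE_OFFER))
    print(check_connection((3, 1), "TLS_PSK_WITH_NULL_SHA256", True))
```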