Re: [TLS] draft-mcgrew-aead-aes-cbc-hmac-sha2 can't be used as TLS 1.2 AEAD ciphers

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Wed, 21 August 2013 18:57 UTC

Return-Path: <prvs=194521709e=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894C021F9E48 for <tls@ietfa.amsl.com>; Wed, 21 Aug 2013 11:57:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.6
X-Spam-Level:
X-Spam-Status: No, score=-5.6 tagged_above=-999 required=5 tests=[AWL=0.998, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sddWmY7esX8t for <tls@ietfa.amsl.com>; Wed, 21 Aug 2013 11:57:05 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id 431DE21F9E2B for <tls@ietf.org>; Wed, 21 Aug 2013 11:57:04 -0700 (PDT)
Received: from LLE2K7-HUB01.mitll.ad.local (LLE2K7-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id r7LIv2l5013390; Wed, 21 Aug 2013 14:57:03 -0400
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: Adam Langley <agl@google.com>
Date: Wed, 21 Aug 2013 14:56:56 -0400
Thread-Topic: [TLS] draft-mcgrew-aead-aes-cbc-hmac-sha2 can't be used as TLS 1.2 AEAD ciphers
Thread-Index: Ac6eoDgmVOvo1bFiQ52LSyI2udyGSg==
Message-ID: <CE3A856E.105B1%uri@ll.mit.edu>
In-Reply-To: <CAL9PXLwHOaFU8kYQ+hqT+3J47yMXE4LxkG=GDyPdZFmfGQ+n-Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.6.130613
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3459941816_6204267"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-08-21_08:2013-08-21, 2013-08-21, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1308210139
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-mcgrew-aead-aes-cbc-hmac-sha2 can't be used as TLS 1.2 AEAD ciphers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 18:57:10 -0000

On 8/21/13 14:02 , "Adam Langley" <agl@google.com> wrote:


>On Wed, Aug 21, 2013 at 1:49 PM, Wan-Teh Chang <wtc@google.com> wrote:
>> Is this a known problem with TLS 1.2 AEAD ciphers?
>
>I hit the same issue while planning to move OpenSSL's TLS CBC decoding
>into EVP (a lower-layer of OpenSSL). I couldn't figure out a way
>around it and gave up.

I personally would just use AES-GCM and be content. There's no reason
(AFAIK :) to use CBC-HMAC-SHA any more. ;)