Re: [TLS] WGLC for draft-ietf-tls-ecdhe-psk-aead
Martin Thomson <martin.thomson@gmail.com> Wed, 21 December 2016 01:24 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19EBE129BBD for <tls@ietfa.amsl.com>; Tue, 20 Dec 2016 17:24:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vwe7TnQSwufB for <tls@ietfa.amsl.com>; Tue, 20 Dec 2016 17:24:55 -0800 (PST)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEF9F129BA4 for <tls@ietf.org>; Tue, 20 Dec 2016 17:24:54 -0800 (PST)
Received: by mail-qt0-x232.google.com with SMTP id c47so193414466qtc.2 for <tls@ietf.org>; Tue, 20 Dec 2016 17:24:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rTrGh+Segh2THiXH1jpJZebWoJv5bTatXJv1yRcx3rU=; b=I0HfAeQZv5hV60siazPw7oqzsPX5tSRZ/w1ZKHyKZFAEjjtVO5/x9LWf2XCvmxRegN Uo8hLweaMiiHkmfSgKlrRCpOFrhqLLzgIC2vtuCVc4f1AbrO0ZLgm7mYawJdBP3bNoWR kHuwQYuZU8mVNiaWmBQ2iyV4VQglgk4X63m5UMBgUWeg/h2lc1eyNCbqsbYdz89BFE/X xfWStP6jibCMdlCzfIHDptvf9F8CjGvSGog+pGGQOkTLPTez0t2YynVUiYJsuAKrcF68 9oVWItGSFv7rmrpZGGLiYg79US11hSYXHJLVcVLHwo94lCKbjiWotPGsigLlO9JzO4zC lfUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rTrGh+Segh2THiXH1jpJZebWoJv5bTatXJv1yRcx3rU=; b=nBb6uJ5EvRZdpMaMHVybQqN+zzZyPB+KZ9ruwkOfOrGkbgs2HTf2CsUkjPyAVZ3Is7 cgyPkpsxfrJXBjk1KuxJskSkXw9mRgQU2edgRMBT6mnJLeMOLL376OKmA/VQgqZ5yk2T anx4B7ul+ky9eDd0h0RIq/bF6Kj+F1gNg24S1CGeOszvbVp3d2w2VOxDAdgR4OFN9p/S YLlCUymRuVU9CLmTBQlUibXwbcJxjUY3EnLA5NCK45+ke4xvGvjzlyCgcppOl1JWGmkP C4T5B5bMXXvhK/9wO136W0O4aGRWw1icKrnf+drLls3Ij/Bc54Zuv0/6aag9L88ZIhSj Bp1Q==
X-Gm-Message-State: AIkVDXJwG7+G309sPImeDtdYR9gAH1Ssq3l2wLPlYHdkIoH5iuXB+3cahZ8ZnJBLFbOAOdSCghP9NYwoU2F8MA==
X-Received: by 10.237.44.161 with SMTP id g30mr2412445qtd.144.1482283494105; Tue, 20 Dec 2016 17:24:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.38.233 with HTTP; Tue, 20 Dec 2016 17:24:53 -0800 (PST)
In-Reply-To: <4E4365B2-FE35-4294-8C43-F7EA88AEC313@vigilsec.com>
References: <13231BFA-5D9B-4706-A7D8-F6697631F625@sn3rd.com> <4E4365B2-FE35-4294-8C43-F7EA88AEC313@vigilsec.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 21 Dec 2016 12:24:53 +1100
Message-ID: <CABkgnnWVL6aCAAyRMxG4JQO9FgQLc2P8Jyqxv3zsQ=9ZGwSNGg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/de5JM_E2jXw-PuXd02AvlJJagEI>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ecdhe-psk-aead
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2016 01:24:56 -0000
On 21 December 2016 at 01:45, Russ Housley <housley@vigilsec.com> wrote: > I am curious about the choice of hash function for TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256. All of the other AES-256 ciphersuites defined in this document that use SHA-384. Why does the one with a truncated authentication tag use SHA-256? I would go further than Russ and challenge the value of the ciphersuite entirely. Though I think that we've already discussed this before, several times. For some reason I can't remember ever having had my mind changed on this point, though I think John pointed at the larger key size having some advantage with respect to (mumble), even if you aren't concerned about active forgery.
- [TLS] WGLC for draft-ietf-tls-ecdhe-psk-aead Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-ecdhe-psk-aead Russ Housley
- Re: [TLS] WGLC for draft-ietf-tls-ecdhe-psk-aead Martin Thomson