Re: [TLS] Consensus Call on MTI Algorithms

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 02 April 2015 12:52 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/dqm4XEs20FyN6QteJd861HiIHHk>
Cc: "tls@ietf.org" <tls@ietf.org>


On 04/02/2015 05:48 AM, Stephen Farrell wrote:
>
>
> On 02/04/15 12:50, Yaron Sheffer wrote:
>>> On 1 April 2015 at 17:46, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
>>>> AES-256-GCM and SHA-384. Doesn't it make sense to have them as SHOULD,
>>>
>>> I don't see much point.  All involved likely know if they need
>>> something that strong, which is way down there in the "we might need
>>> it someday" category [1].
>>>
>>> [1] http://www.keylength.com/en/3/
>>>
>>
>> The TLS BCP is IETF consensus, not just one person's opinion. If people
>> deploy stuff based on our recommendations, we should ensure that it is
>> still available to them when they migrate to TLS 1.3.
>
> But isn't it likely we revise the TLS BCP once TLS1.3 is done and
> implementations start to become common? We can make sure things
> all add up at that point in time, and are in-whack with what people
> are deploying, but we don't necessarily need to do so now I think.
>

It's entirely likely. But even then, I am not sure we'll be able to
convince people who went to AES-256 (presumably, for "compliance" 
reasons) to move to ChaCha. And certainly not to AES-128...