Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
Aaron Zauner <azet@azet.org> Mon, 01 June 2015 16:23 UTC
Message-ID: <556C86FA.3000901@azet.org>
Date: Mon, 01 Jun 2015 18:23:22 +0200
From: Aaron Zauner <azet@azet.org>
To: Peter Bowen <pzbowen@gmail.com>
References: <556C4ACD.9040002@azet.org> <CABcZeBNsYmto4F-J0mFoxcq-qfL=NJrvDu67fyY9bpBmRp16mQ@mail.gmail.com> <556C51FC.807@azet.org> <5878037.eTrqDl0Ll5@pintsize.usersys.redhat.com> <556C5881.4080902@azet.org> <CAH8yC8nCCNF9B72yNgM-hOkCYJrc2ZU0PmpeBrnbknKO92OZtA@mail.gmail.com> <556C8320.2010705@azet.org> <CAK6vND9MoyWVnitb5CDZzF_RoChbQJt-b5ue+WhXHHvHmsxJLQ@mail.gmail.com>
In-Reply-To: <CAK6vND9MoyWVnitb5CDZzF_RoChbQJt-b5ue+WhXHHvHmsxJLQ@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/eRvLKf6j5QUHAxaNKWkOVPY8K24>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Peter Bowen wrote:
> On Mon, Jun 1, 2015 at 9:06 AM, Aaron Zauner <azet@azet.org> wrote:
>> I agree, but am unsure to what extent they are used in real life. I'm
>> trying to reduce the number of cipher-suites that would have to be added
>> to the IANA TLS parameter list; since PSK is unsupported with GCM
>> cipher-suites it seems only logical to exclude them here as well.
>
> Some TLS implementations (notably BoringSSL) have ended up assigning
> non-standard ciphersuites ECDHE+PSK+AES-GCM for this very reason. I
> think the lack of this combination is more of an oversight than
> anything.
>

Unsure if RFC 5487 got introduced after the fact, but this document seems to be the one defining those cipher-suites. In addition it defines PSK cipher-suites in CBC-mode using SHA256+.

https://tools.ietf.org/html/rfc5487

This is all quite confusing and spread over a lot of different documents. PSK in CBC-mode (with < SHA256) for example is a different document (RFC 4279).

I'll leave it up to long-time TLS-WG members to decide where these PSK cipher-suites /would/ fit best. I'm not sure that this document is the right place -- but that's only because, in the past, PSK cipher-suites were dealt with exclusively in separate documents, as it seems.

Aaron