Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx
Nikos Mavrogiannopoulos <nmav@gnutls.org> Wed, 09 March 2011 09:09 UTC
On Tue, Mar 8, 2011 at 7:51 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>>> Perhaps, but this isn't a digest but rather a MAC, and so the attack
>>> model is different.
>> You seem to be forgetting that the finished messages have been reused
>> for other purposes already:
> No, I'm not forgetting that. That doesn't change the fact that the
> computation is a MAC.

I'm not a specialist in MAC algorithms but by checking the ECRYPT II[0]
report of 2009-2010, I can try making some points. A MAC has a security
level that depends on the size of the MAC and the size of the key. That is,
a 12-byte MAC has a security level of MIN(2^{key_size}, 2^{96}) [1],
irrespective of the key size used.

As I understand, the addition of SHA-384 as PRF was to increase the security
margin of TLS compared to the SHA-1 PRF. This is not occurring now because
a MAC based on an algorithm that returns 384 bits and truncates it to 96 can
offer nothing more than an algorithm that outputs 160 bits that are
truncated to 96. Hence there is no significant difference between SHA-1 and
SHA-384 in that case, so why define SHA-384 anyway?

For me the ciphersuites defined in TLS should have a uniform security level.
I.e., why use AES-256 with a security level of 2^256 but use a MAC for a
handshake of 2^96 bits?

regards,
Nikos

[0]. http://www.ecrypt.eu.org/documents/D.SPA.13.pdf
[1]. For an HMAC the square root of the internal state of the hash algorithm
is also affecting the security level.
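The truncation discussed in this message, as an added example that is not part of the original post: the RFC 5246 P_hash construction run with different hashes, each cut to the 12-byte Finished verify_data, with the bound computed the way the message models it. The master secret and transcript are constructed sample values, the helper names are hypothetical, and SHA-1 alone in this construction is a stand-in for comparison (the TLS 1.0/1.1 PRF combines MD5 and SHA-1).

```python
import hashlib
import hmac

VERIFY_DATA_LENGTH = 12  # bytes; TLS 1.2 default length of Finished.verify_data


def p_hash(hash_name, secret, seed, length):
    """P_hash from RFC 5246 section 5: iterate HMAC until `length` bytes exist."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def verify_data(hash_name, master_secret, handshake_messages,
                label=b"client finished"):
    """PRF(master_secret, label, Hash(handshake_messages)) cut to 12 bytes."""
    transcript_hash = hashlib.new(hash_name, handshake_messages).digest()
    return p_hash(hash_name, master_secret, label + transcript_hash,
                  VERIFY_DATA_LENGTH)


def guessing_bound_bits(key_bits, tag_bits):
    """Security level as modelled in the message: min(key size, tag size)."""
    return min(key_bits, tag_bits)


def compare(master_secret, handshake_messages):
    """Map hash name -> (digest bits, tag bits, modelled bound in bits)."""
    rows = {}
    for name in ("sha1", "sha256", "sha384"):
        digest_bits = hashlib.new(name).digest_size * 8
        tag = verify_data(name, master_secret, handshake_messages)
        tag_bits = len(tag) * 8
        key_bits = len(master_secret) * 8
        rows[name] = (digest_bits, tag_bits,
                      guessing_bound_bits(key_bits, tag_bits))
    return rows


# Constructed sample inputs: a 48-byte master secret and a fake transcript.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_TRANSCRIPT = b"constructed handshake transcript"

if __name__ == "__main__":
    for name, row in compare(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT).items():
        print(f"{name}: digest={row[0]} bits, tag={row[1]} bits, bound=2^{row[2]}")
```

Every row reports a 96-bit tag and the same modelled bound whatever the digest width; the footnoted internal-state effect is not modelled here.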