IETF Logo Mail Archive

Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate

EKR <ekr@networkresonance.com> Sun, 19 November 2006 22:07 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GluoZ-0006ON-3E; Sun, 19 Nov 2006 17:07:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GluoX-0006OI-Fh for tls@ietf.org; Sun, 19 Nov 2006 17:07:01 -0500
Received: from c-69-181-78-47.hsd1.ca.comcast.net ([69.181.78.47] helo=delta.rtfm.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GluoW-0003KZ-6w for tls@ietf.org; Sun, 19 Nov 2006 17:07:01 -0500
Received: by delta.rtfm.com (Postfix, from userid 1001) id A0B1C1CC24; Sun, 19 Nov 2006 14:06:29 -0800 (PST)
To: Peter Williams <home_pw@msn.com>
Subject: Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
References: <BAY103-W425006445E9C98E58DDC792EE0@phx.gbl>
From: EKR <ekr@networkresonance.com>
Date: Sun, 19 Nov 2006 14:06:29 -0800
In-Reply-To: <BAY103-W425006445E9C98E58DDC792EE0@phx.gbl> (Peter Williams's message of "Sun, 19 Nov 2006 13:45:53 -0800")
Message-ID: <86ac2nrt0a.fsf@delta.rtfm.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 93238566e09e6e262849b4f805833007
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Peter:

1. TLS has always included NULL cipher suites. They are in RFC 2246.
2. The IESG has already approved this document. It's in the 
   RFC Editor queue.
3. I think the current security considerations text is clear and 
   yours doesn't seem to to substantially improve matters.

-Ekr


Peter Williams <home_pw@msn.com> writes:

> FINANCIAL DATA PROTECTION caveat , in INTEL null confidentiality scheme
> Im going to assume that Intel is only sponsoring this for "quality" PSK environments.. perhaps by supporting integration with TPM cores in Intel CPUs, which support external key fill, and thus support PSK by providing hardware-based external key management for TLS-PSK-based confidentiality services.
>  
> Perhaps, we can cut a deal. Change the text in the draft, security sections. 
>  
> There is a example disclaimer...which says something like "be advised: dont use this technique for sensitive information exchange. E.g. passwords". 
>  
> Change the example list to include specific financial account types: i) creditcard numbers, ii) bankaccount numbers, or iii) other Personal Identifying Financial Information
> As it stands, the goals of Intel as stated in the email (presumably addressing a few repressive regimes that want confidentiality - for any purpose - to be lowered to less than 40bit encryption (despite 40 bit encryption being shown even 10 years ago to be compromised in 3h, using a bit of brute-forcing commodity equipment!) ) is not compatible with the security section - which indicates that the technique is not appropriate for "sensitive information exchange". That incongruity aside, we can address my objection by listing - as inappropirate - those financial data -related account data types that I enumerate. 
>  
> Deal? 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.31.3 | Report a Bug | By Email | System Status