Re: [TLS] Consensus Call on MTI Algorithms

James Cloos <cloos@jhcloos.com> Thu, 02 April 2015 22:23 UTC

Return-Path: <cloos@jhcloos.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9BA01A7028 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 15:23:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C2nARZL2LarC for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 15:23:08 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [198.147.23.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FFF81A1BF8 for <tls@ietf.org>; Thu, 2 Apr 2015 15:23:08 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 77C211EF73; Thu, 2 Apr 2015 22:23:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore14; t=1428013387; bh=Gdnn+5cx12zwF59wONkW7H1Hnis3mS3orJaIi4j96HE=; h=From:To:Subject:In-Reply-To:References:Date:From; b=OaUbXiRKhOrXi3NauWrfS5LFANSX8jwI9hG5KqsEi5pBoYowoVeAdTuP2Kc5LIy6u bJ3g+nZyGqz60u7sNSWB+/cOkScI82rlW/Ju6e2hLa4AnBkn9suIm+CT2SKnK8gubP f6aC3prSZtoLPhieSHCT4JqGqj69IAjL6XwKftrU=
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 95B32106FD882; Thu, 2 Apr 2015 22:22:59 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: tls@ietf.org
In-Reply-To: <20150402191657.43cd35ee@pc1.fritz.box> ("Hanno =?iso-8859-1?Q?B=F6ck=22's?= message of "Thu, 2 Apr 2015 19:16:57 +0200")
References: <CAOgPGoBk+E=cNV1ufBaQ0n7=CJQ34zukPixKCEdpmMLBX=Kg_w@mail.gmail.com> <20150402191657.43cd35ee@pc1.fritz.box>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2015 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Date: Thu, 02 Apr 2015 18:22:59 -0400
Message-ID: <m3lhiacgqk.fsf@carbon.jhcloos.org>
Lines: 12
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:28:150402:tls@ietf.org::IUm8TXqDAdM5M78i:00001J4o5
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jMczlwsCbg5hICQqW0HpmSW6nxw>
Subject: Re: [TLS] Consensus Call on MTI Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 22:23:10 -0000

For symmetric, chacha20-poly1305 ought to be MUST, and the MUST AES
should be at (about) the same security level, ie AES256.

Even on slow hardware the speed difference between aes128 and aes256 is
not enough to make 128 mandatory and 256 optional, rather than vice-versa.

On a pi b+, openssl's implementation of 256 is about 7/8ths as fast as 128.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6