Re: [TLS] draft-mcgrew-tls-aes-ccm-ecc-00 (again)

Juho Vähä-Herttua <juhovh@iki.fi> Thu, 06 January 2011 14:50 UTC

Return-Path: <juhovh@iki.fi>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D1B2C3A6F16 for <tls@core3.amsl.com>; Thu, 6 Jan 2011 06:50:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.962
X-Spam-Level:
X-Spam-Status: No, score=-0.962 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, SARE_HELO_EQ_DSL_3=1.022, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iDkkRV4WUKZl for <tls@core3.amsl.com>; Thu, 6 Jan 2011 06:50:49 -0800 (PST)
Received: from jenni2.inet.fi (mta-out.inet.fi [195.156.147.13]) by core3.amsl.com (Postfix) with ESMTP id 8D4733A6F02 for <tls@ietf.org>; Thu, 6 Jan 2011 06:50:48 -0800 (PST)
Received: from smtp.vaha-herttua.fi (88.192.241.223) by jenni2.inet.fi (8.5.133) id 4D061FFC00C6AE72; Thu, 6 Jan 2011 16:52:53 +0200
Received: from dsl-hkibrasgw3-ffffc000-19.dhcp.inet.fi (dsl-hkibrasgw3-ffffc000-19.dhcp.inet.fi [88.192.255.19]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.vaha-herttua.fi (Postfix) with ESMTPSA id A52281FCFE; Thu, 6 Jan 2011 16:52:57 +0200 (EET)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/signed; boundary=Apple-Mail-1-338275942; protocol="application/pkcs7-signature"; micalg=sha1
From: =?iso-8859-1?Q?Juho_V=E4h=E4-Herttua?= <juhovh@iki.fi>
In-Reply-To: <008d01cbadaf$2de31550$89a93ff0$@sturek@att.net>
Date: Thu, 6 Jan 2011 16:52:51 +0200
Message-Id: <BBB467C5-5FF5-4B73-84CF-3831281D08A4@iki.fi>
References: <008d01cbadaf$2de31550$89a93ff0$@sturek@att.net>
To: tls@ietf.org
X-Mailer: Apple Mail (2.1082)
Subject: Re: [TLS] draft-mcgrew-tls-aes-ccm-ecc-00 (again)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 14:50:51 -0000

On 6.1.2011, at 16.36, Don Sturek wrote:
> I wanted to bring up the draft presented by David McGrew last July (in Maastricht) one more time.  The draft (now expired I think) is  "AES-CCM ECC Cipher Suites for TLS", draft-mcgrew-tls-aes-ccm- ecc-00.
>  
> I know there was a thread last summer on this.  I am part of the ZigBee Alliance implementing TLS for an IEEE 802.15.4 application.   We would like the TLS group to consider (or maybe re-consider though I never saw any formal disposition of this on the reflector) the use of David’s draft for IEEE 802.15.4 networks.

The discussion thread can be seen in http://www.ietf.org/mail-archive/web/tls/current/msg06716.html and the main problems are pretty much mentioned in the later post http://www.ietf.org/mail-archive/web/tls/current/msg06761.html

Basically the proposed draft should probably be divided into smaller parts. One part would define the AES-CCM cipher suites in a way that would be interoperable with existing TLS cipher suites. Another part would describe the use of TLS and AES-CCM in IEEE 802.15.4 networks, including forbidding the use of other than ECDSA certificates and forbidding the elliptic_curves and ec_point_formats extension.

> I think CCM is a common cipher suite for IEEE802 and this draft matches what is specified in IEEE (and implemented in hardware in millions of devices).

From what I can tell, the draft was not interoperable with existing cipher suites for no apparent reason (other than that's how ZigBee uses it). But if that can be fixed then there should be no problem including AES-CCM in TLS.


Juho