Re: [TLS] Inclusion of OCB mode in TLS 1.3
Aaron Zauner <azet@azet.org> Wed, 21 January 2015 17:20 UTC
Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CB891A1B37 for <tls@ietfa.amsl.com>; Wed, 21 Jan 2015 09:20:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_64=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pEveqCHF21u for <tls@ietfa.amsl.com>; Wed, 21 Jan 2015 09:20:20 -0800 (PST)
Received: from mail-we0-f174.google.com (mail-we0-f174.google.com [74.125.82.174]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50A441A1B2F for <tls@ietf.org>; Wed, 21 Jan 2015 09:20:20 -0800 (PST)
Received: by mail-we0-f174.google.com with SMTP id x3so10844366wes.5 for <tls@ietf.org>; Wed, 21 Jan 2015 09:20:19 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=whB88E2uWbQ/7MEZS+GlyLuONsc7+NQL77pJ4hKz0vw=; b=lBRqQCZpNWpohUGcvPf1tvObJZbxkrSjxBlkFGWEaYGw3XKna7gjqq++CXd5qeyEy/ pobeDQ9VcBDoUOg3QbMwM7SJeKdNQ4gwhGORLuPAA6dP8m4n35OeDd/Z75VtHM3+2HmZ LfRLOwEE609oieOzeUI5KdNUi4JHTNaEE1NqljFU6ibHWuv7NMh3RFl4v/3hUfpZ+91c pVU0PSHcrpgkCOBIZ6E/wKSJyVLBa3XIIYY4gbE0yDo8gs5woIJiVGdRD0EUovSyBBVj 1/vvhhKw8Ay52i1oLo7aQC/c+P+CUPeBHP5ytDVqVbgsE4DQQZoyqqX884ULSaYs1Juf ihEA==
X-Gm-Message-State: ALoCoQmmgbM2W6mnFAzPS+LaAttEuXhW+NxuiLo+qtpQWGwmpgKIbLD2z81Qon9sZInPYYM98VVA
X-Received: by 10.180.74.147 with SMTP id t19mr21885276wiv.6.1421860819086; Wed, 21 Jan 2015 09:20:19 -0800 (PST)
Received: from [172.16.1.132] ([188.21.236.102]) by mx.google.com with ESMTPSA id cx3sm8099170wib.10.2015.01.21.09.20.17 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 21 Jan 2015 09:20:18 -0800 (PST)
Message-ID: <54BFDFD0.2050801@azet.org>
Date: Wed, 21 Jan 2015 18:20:16 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Nico Williams <nico@cryptonector.com>
References: <20150120191819.GA8165@typhoon.azet.org> <20150120193412.GA10140@typhoon.azet.org> <CABkgnnWSNtREGMYoT9nL9WWas5TZGqnW=qEcg9h_WvzMr8U8KQ@mail.gmail.com> <20150120225335.GA871@typhoon.azet.org> <CABkgnnWbFciZD=ja2bD+tZfFnniWWm=5zH5kL1x_UQEa4rbQ8w@mail.gmail.com> <20150121004704.GA15203@typhoon.azet.org> <54BFC326.4010302@azet.org> <CABcZeBMcsr7bnw8UmxesWC5fdiV==ZgfqoTYa-AmBmX6v5mKpw@mail.gmail.com> <20150121165008.GQ2350@localhost> <54BFDAD1.6050403@azet.org> <20150121170922.GS2350@localhost>
In-Reply-To: <20150121170922.GS2350@localhost>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enigE3D86AC9621E8A98A8FA3001"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jfTZY1oqiEibzU_cHqHlw8Tl1-c>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2015 17:20:23 -0000
Nico Williams wrote: > Sure, but why not just deprecate/remove non-ECDH ciphersuites and be done? That'd be the best option, I agree. But Nikos pointed out that people might still want PSK without diffie-hellman at all for confined environments/embedded. Otherwise I wouldn't have put it in there in the first place. I'm happy to remove these ciphersuites if there's consensus. > Negotiate key exchange, server authentication, PRF, hash, and > cipher+mode separately. (Cipher and mode go together, as not every mode > makes sense for every cipher, but key exchange should have no relation > to the choice of cipher+mode.) Key exchange and server authentication > are closely tied in some cases (e.g., RSA key transport), but that's not > a problem (SSHv2 managed). Sounds like a plan. But more like something for the TLS spec than this ID, right? RSA as key transport doesn't concern this ID anyway. And AFAIK it's going deprecated with TLS 1.3 because of security concerns. I've even explicitly stated it in the security considerations section of my ID. Aaron
- [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Russ Housley
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Paul Lambert
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Stephen Farrell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Viktor Dukhovni
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Brian Smith
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jacob Appelbaum
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Joachim Strömbergson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] Inclusion of OCB mode in TLS 1.3 Phillip Rogaway
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Manuel Pégourié-Gonnard
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Alex Elsayed
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Henrik Grubbström
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Dmitry Belyavsky
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] GOST in TLS (Re: Inclusion of OCB mode in T… Martin Rex
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Dmitry Belyavsky
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Martin Rex
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] PSK [was: Re: Inclusion of OCB mode in TLS … Daniel Kahn Gillmor
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Roland Zink
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner