Re: [TLS] Issue 56: AES as MTI
Russ Housley <housley@vigilsec.com> Thu, 13 September 2007 14:59 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVqAV-0006u9-5S; Thu, 13 Sep 2007 10:59:47 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVqAS-0006u0-Cg for tls@ietf.org; Thu, 13 Sep 2007 10:59:44 -0400
Received: from woodstock.binhost.com ([66.150.120.2]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1IVqAS-0007g3-2n for tls@ietf.org; Thu, 13 Sep 2007 10:59:44 -0400
Received: (qmail 10557 invoked by uid 0); 13 Sep 2007 14:59:39 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (96.231.48.203) by woodstock.binhost.com with SMTP; 13 Sep 2007 14:59:39 -0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 13 Sep 2007 10:31:23 -0400
To: Eric Rescorla <ekr@networkresonance.com>, tls@ietf.org
From: Russ Housley <housley@vigilsec.com>
Subject: Re: [TLS] Issue 56: AES as MTI
In-Reply-To: <20070912231150.ED1D533C21@delta.rtfm.com>
References: <20070912231150.ED1D533C21@delta.rtfm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Message-Id: <E1IVqAV-0006u9-5S@megatron.ietf.org>
I support this suggestion. S/MIME just made the transition from 3DES to AES as the mandatory to implement encryption algorithm. (3DES is still a SHOULD in S/MIME.) I think the mandatory to implement mode should remain CBC. This will be less of an interoperability concern. Earlier versions of TLS offered support for AES-CBC, but the authenticated encryption modes like AES-GCM will not be available until TLS 1.2 is complete. So, AES-CBC has a much better backward compatibility situation. Russ At 07:11 PM 9/12/2007, Eric Rescorla wrote: >Pasi suggests making AES the mandatory to implement encryption >algorithm in TLS 1.2. Thoughts? > >-Ekr > >_______________________________________________ >TLS mailing list >TLS@lists.ietf.org >https://www1.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- RE: [TLS] Issue 56: AES as MTI Joseph Salowey (jsalowey)
- Re: [TLS] Issue 56: AES as MTI Mike
- [TLS] Re: Issue 56: AES as MTI Simon Josefsson
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Mike
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Nicolas Williams