Re: [TLS] Inclusion of OCB mode in TLS 1.3

Nico Williams <nico@cryptonector.com> Wed, 21 January 2015 16:46 UTC

Date: Wed, 21 Jan 2015 10:45:49 -0600
From: Nico Williams <nico@cryptonector.com>
To: "Salz, Rich" <rsalz@akamai.com>
Message-ID: <20150121164544.GP2350@localhost>
References: <54B5501A.4070402@azet.org> <20150120191819.GA8165@typhoon.azet.org> <6d7dec54c4da410e9a395af0688322df@usma1ex-dag1mb2.msg.corp.akamai.com>
In-Reply-To: <6d7dec54c4da410e9a395af0688322df@usma1ex-dag1mb2.msg.corp.akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/kjo-GTRTgQBuWWU-ogYU26GumhA>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3

On Wed, Jan 21, 2015 at 04:21:38PM +0000, Salz, Rich wrote:
> What does OCB bring to the table that justifies such a huge increase
> (10%) in the number of ciphers.

Cartesian explosion of unrelated things is a problem TLS has that it
doesn't need to have in 1.3.

Key exchange, server authentication, PRF, hash functions, and
cipher+mode, should all be negotiated separately (but cipher and mode
must be negotiated together).  Yes, in some cases key exchange and
server authentication can be very closely tied, e.g., RSA key transport.
SSHv2 gets all of this right; why can't TLS 1.3?

> We need a cipher cage match.  They all go in, and only a couple come
> out.

That seems unrealistic :(

Nico
--
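
Added example, not part of the original message: a sketch of the per-category negotiation argued for above, beside the count of monolithic suite code points the same offer would need. All algorithm labels and both offers are constructed for illustration; the selection rule is the one SSHv2 uses for ciphers and MACs, applied here to every category as a simplification.

```python
from itertools import product

# Constructed offers: labels are illustrative, not TLS or SSH registry names.
CLIENT = {
    "kex":    ["ecdhe", "dhe"],
    "auth":   ["ecdsa", "rsa"],
    "prf":    ["sha384", "sha256"],
    "cipher": ["aes128-ocb", "aes256-gcm", "aes128-gcm"],  # cipher+mode is one unit
}
SERVER = {
    "kex":    ["dhe", "ecdhe"],
    "auth":   ["rsa"],
    "prf":    ["sha256", "sha384"],
    "cipher": ["aes128-gcm", "aes256-gcm"],
}

def negotiate(client, server):
    """Pick, per category, the first client preference the server also lists."""
    chosen = {}
    for category, prefs in client.items():
        match = next((a for a in prefs if a in server.get(category, [])), None)
        if match is None:
            raise ValueError(f"no common algorithm for {category}")
        chosen[category] = match
    return chosen

def suite_count(offer):
    """Code points needed if every combination is one monolithic suite."""
    return len(list(product(*offer.values())))

def list_count(offer):
    """Identifiers needed when each category is its own list."""
    return sum(len(v) for v in offer.values())

def cost_of_new_mode(offer, category="cipher", name="aes256-ocb"):
    """Extra identifiers from adding one cipher+mode: (suites, list entries)."""
    grown = {**offer, category: offer[category] + [name]}
    return (suite_count(grown) - suite_count(offer),
            list_count(grown) - list_count(offer))

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER))
    print(suite_count(CLIENT), list_count(CLIENT), cost_of_new_mode(CLIENT))
```

With these constructed offers, one extra cipher+mode costs eight new suite code points in the monolithic scheme and a single list entry when categories are negotiated separately.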