IETF Logo Mail Archive

Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC

<Pasi.Eronen@nokia.com> Thu, 02 October 2008 08:29 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 988AD3A6AAF; Thu, 2 Oct 2008 01:29:47 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F16DC3A6AAF for <tls@core3.amsl.com>; Thu, 2 Oct 2008 01:29:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.296
X-Spam-Level:
X-Spam-Status: No, score=-6.296 tagged_above=-999 required=5 tests=[AWL=0.303, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drizTbji2ZO2 for <tls@core3.amsl.com>; Thu, 2 Oct 2008 01:29:45 -0700 (PDT)
Received: from mgw-mx09.nokia.com (smtp.nokia.com [192.100.105.134]) by core3.amsl.com (Postfix) with ESMTP id 1AD4F3A677D for <tls@ietf.org>; Thu, 2 Oct 2008 01:29:45 -0700 (PDT)
Received: from vaebh105.NOE.Nokia.com (vaebh105.europe.nokia.com [10.160.244.31]) by mgw-mx09.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id m928SwnS016630; Thu, 2 Oct 2008 03:30:09 -0500
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by vaebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 11:29:22 +0300
Received: from vaebe104.NOE.Nokia.com ([10.160.244.59]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Oct 2008 11:29:22 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 02 Oct 2008 11:29:21 +0300
Message-ID: <1696498986EFEC4D9153717DA325CB7201C760D1@vaebe104.NOE.Nokia.com>
In-Reply-To: <48E38DC2.9010906@isima.fr>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
Thread-Index: Ackj1Q8JCwWmkpKNT0KzGNai3Ua2fwAk25Iw
References: <48E0AD6A.3070705@isima.fr> <1696498986EFEC4D9153717DA325CB7201C31635@vaebe104.NOE.Nokia.com> <48E38DC2.9010906@isima.fr>
From: Pasi.Eronen@nokia.com
To: badra@isima.fr
X-OriginalArrivalTime: 02 Oct 2008 08:29:22.0110 (UTC) FILETIME=[F87FE5E0:01C92468]
X-Nokia-AV: Clean
Cc: tls@ietf.org
Subject: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

Mohamad Badra wrote:
> 
> Dear Pasi,
> 
>> The contents of the draft have changed quite a bit since version
>> -02 (which was posted just before the Dublin meeting), and I have
>> some comments about the changes:
> 
> 
> In fact, we discussed adding SHA256 and SHA348 to the document to
> avoid publishing several seperated documents; and if I recall well,
> your recommendation was to do that in one single document. If the
> group doesn't agree with this change, I will post the old version.

I think having them all in a single document is better; it's 
the other changes in -03 I commented.

>  > It's a bit surprising that
>  > e.g. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, when negotiated in TLS
>  > 1.2, would use the TLS PRF with SHA-1 as the hash function. Note
>  > that e.g.  TLS_DHE_PSK_WITH_AES_128_CBC_SHA (from RFC 4279) would
>  > in this situation use the TLS PRF with SHA-256.
> 
> In this case, I would know where I can read that cipher suites
> described in RFC 4492, when negotiated in TLS 1.2, will use the TLS
> PRF with SHA-256. Do you refer to Section 5 of TLS 1.2?
> 
> The same for TLS_DHE_PSK_WITH_AES_128_CBC_SHA.

Yes, I'm referring to Section 5 of TLS 1.2.

>  > My suggestion would be to say that all these cipher suites can be
>  > negotiated with any TLS version; when used with TLS <1.2, they use
>  > the PRF from that version; when used with TLS >=1.2, they use the
>  > TLS PRF with SHA-256 or SHA-384. (In other words: they'd work the
>  > same way as the cipher suites in RFC 4492/4279/4785.)
>  >
>  > This change would probably allow us to remove the SHA-1 suites
>  > completely.
> 
> With regard to version 2 of the document, only SHA-1 suites are 
> described. So why we need to do this step?

I would ask it this way: if the document has SHA-256/384 based
suites, why does it need the SHA-1 suites?

(Cipher suites isn't one of those things where having more
is automatically better.)

>  > Also, while I can understand combining AES-128 with
>  > SHA-256, and AES-256 with SHA-384, I'm not sure why we need to
>  > combine NULL encryption with three different MACs...
> 
> In the case we are going to remove the SHA-1 suites with NULL
> encryption, only 2 combinations will be available (if we keep the
> logic of moving away from SHA-1 and towards stronger hash
> algorithms, as RFC 5288 and 5289 do).

Yes, but why do we need two combinations? What problem is solved
by having two, instead of just one?

Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email