Re: [TLS] Inclusion of OCB mode in TLS 1.3

Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 14 January 2015 16:44 UTC

Message-ID: <1421253834.21577.7.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Aaron Zauner <azet@azet.org>
Date: Wed, 14 Jan 2015 17:43:54 +0100
In-Reply-To: <54B69514.9000508@azet.org>
References: <54B5501A.4070402@azet.org> <D0DA96DB.58455%paul@marvell.com> <54B58F5B.2010704@cs.tcd.ie> <54B6815A.7060102@azet.org> <54B68A97.3010007@azet.org> <1421250687.2899.2.camel@redhat.com> <54B69514.9000508@azet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/lymC_hU7PE0MzasbLQDudQ9zE5U>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3

On Wed, 2015-01-14 at 17:11 +0100, Aaron Zauner wrote:

> > This is not the case in the latest draft. Defining only 3 ciphersuites
> > means that PSK will not take advantage of the OCB mode. Is there a
> > reason for that?
> No. If PSK is still going to be supported in TLS 1.3 then I'll have to
> add that as well. This was the newest draft on ChaCha20/Poly1305 I could
> find on the IETF website. Still not that bad in comparison to adding all
> the cipher-suites that conforming with TLS 1.2 would mean.

Hi,
I don't see why OCB has to be tied to TLS 1.3. The last time such a move
was made, with having GCM/AEAD restricted to TLS 1.2, it proved quite
wrong (in the sense that not doing it would have avoided the majority of
the problems we saw in the last years). TLS 1.3 is a draft document to be
deployed in 2-3 years after being published (in the best case scenario). There
is no reason the existing implementations cannot take advantage of OCB,
if ever defined.

regards,
Nikos