Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

Aaron Zauner <azet@azet.org> Wed, 01 March 2017 14:35 UTC

From: Aaron Zauner <azet@azet.org>
In-Reply-To: <B6D8E0C7-CC3A-445E-BE6D-EF22A2A0DB69@gmail.com>
Date: Wed, 01 Mar 2017 14:35:11 +0000
Message-Id: <F53AC06B-F71D-48DA-B7A1-97B0A4C19813@azet.org>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mQbbZl1c4Rpai5UaXd38VjwUFpQ>
Cc: "draft-ietf-tls-ecdhe-psk-aead@tools.ietf.org" <draft-ietf-tls-ecdhe-psk-aead@tools.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

> On 01 Mar 2017, at 14:29, Yoav Nir <ynir.ietf@gmail.com> wrote:
> 
> 
>> On 1 Mar 2017, at 15:06, Aaron Zauner <azet@azet.org> wrote:
>> 
>> 
>>> On 24 Feb 2017, at 14:07, Salz, Rich <rsalz@akamai.com> wrote:
>>> 
>>>> Assuming 256-bit AES-CCM suites are needed, I think the better place to put
>>>> them is in the TLS 1.3 document.
>>> 
>>> That's a really big assumption. ;)
>>> 
>>> I think the burden is on folks to *prove* (yeah, I know) that additional cipher suites are needed.
>> 
>> +1. I'm against adding CCM based suites to the TLS 1.3 spec.
> 
> Hold on.  CCM with a 128-bit key suites are already in the current version of the spec. CCM with a 256-bit key suites are not.
> 
> Are you advocating just not adding the 256-bit key ciphersuites, or removing those already in?

Both. I don't see why we need to keep legacy cruft around in a new protocol because of some embedded corner case, sorry.

Also, OCB would be much faster as it's a single-pass scheme (and all patent restrictions that had been the reason CCM was initially invented anyway have been resolved for TLS), but for the sake of not ending up with countless cipher-suites again I'm not advocating adding that either.

Also: what Rich Salz said.

Aaron