RE: [TLS] Suite B compliance of TLS 1.2
"Blumenthal, Uri" <uri.blumenthal@intel.com> Wed, 26 July 2006 14:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5km4-0007gF-Eo; Wed, 26 Jul 2006 10:54:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5km3-0007g9-Fu for tls@ietf.org; Wed, 26 Jul 2006 10:54:11 -0400
Received: from mga02.intel.com ([134.134.136.20] helo=orsmga101-1.jf.intel.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5km2-0008Dq-30 for tls@ietf.org; Wed, 26 Jul 2006 10:54:11 -0400
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101-1.jf.intel.com with ESMTP; 26 Jul 2006 07:54:06 -0700
Received: from fmsmsx333.fm.intel.com (HELO fmsmsx333.amr.corp.intel.com) ([132.233.42.2]) by fmsmga001.fm.intel.com with ESMTP; 26 Jul 2006 07:54:06 -0700
X-IronPort-AV: i="4.07,185,1151910000"; d="scan'208"; a="104924582:sNHT22202005"
Received: from fmsmsx311.amr.corp.intel.com ([132.233.42.214]) by fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 07:54:05 -0700
Received: from hdsmsx412.amr.corp.intel.com ([10.127.2.72]) by fmsmsx311.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Jul 2006 07:53:55 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Suite B compliance of TLS 1.2
Date: Wed, 26 Jul 2006 10:53:53 -0400
Message-ID: <279DDDAFA85EC74C9300A0598E7040565DBF61@hdsmsx412.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Suite B compliance of TLS 1.2
Thread-Index: AcawwdP5zwPHpVCMQ7ay8fQmlaIJpAAAPJvw
From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: tls@ietf.org
X-OriginalArrivalTime: 26 Jul 2006 14:53:55.0049 (UTC) FILETIME=[50FCBD90:01C6B0C3]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
>> So in order to remove the dependency, one does not only need >> new TLS ciphersuite, but also a significant change in the >> handshake protocol (hashing of the handshake messages >> and the creation/verification of the finished message). > >Yep. Those changes are already being made :-) >> Hashing the handshakes messages with both, old and new hash >> algorithms and deciding later in the handshake which results >> go into creation/verification of the finished message when >> it has been determined/negotiated which algorithms to use >> should be doable, and just moderately more expensive. I think the preferred direction is to hash with the new negotiated hash. What would be the purpose of hashing with the old one? >> I'm slightly worried about the potential "market pressure" >> which this might cause. I certainly don't mind adoption/offering >> of strong cryptographic protocols/technologies, but right >> now I do NOT consider TLS fundamentally broken or weak, >> and I would prefer if people focus on the acutal weaknesses >> within the technology, rather than replacing the >> (currently) strongest link in a weak chain with a much >> stronger one. > >I'm sensitive to what you're saying and I have the same doubts. >On the other hand, I also worry about the attacks on MD5 and SHA-1 >getting much worse and then having to explain why we didn't >do anything about it Exactly. But I'm confused wrt. what Martin calls "strongest link". Clearly it's not RSA or SHA-1 (and hopefully not MD5 :-)? _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 David Hopwood
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Vipul Gupta