IETF Logo Mail Archive

Re: [TLS] Inclusion of OCB mode in TLS 1.3

Aaron Zauner <azet@azet.org> Wed, 14 January 2015 15:46 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2B481A8A57 for <tls@ietfa.amsl.com>; Wed, 14 Jan 2015 07:46:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aXChqw0X3utG for <tls@ietfa.amsl.com>; Wed, 14 Jan 2015 07:46:40 -0800 (PST)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 624C21A8958 for <tls@ietf.org>; Wed, 14 Jan 2015 07:46:40 -0800 (PST)
Received: by mail-wi0-f181.google.com with SMTP id hi2so11764437wib.2 for <tls@ietf.org>; Wed, 14 Jan 2015 07:46:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=Zwq9ZnZmVZRVAXuWPFEvKkFI853ZVtQ0uEJvvge7fZo=; b=cjqymneCBP15sHRxDt728q6fYP+f3uopyqKOgGcDSYpneFkqVa+iJmDD2kviegYBbD vM4SdMs2RAOvXMPDQhhIMo/fB9d2/1ZY1M9Zx/p8W3pUEE2w10LvhO7wC4IMyhdssITp hziNe1IVX9urKl68fEUE1tOmG4BuZGLVZEqA9SC0deFiRqwrvftiJnzoll0EtADH5eO1 AG5LmRnrgYDO2+vIjlC2jNeHxAc9ej7CDwSfzR01hUQYnVzlBtfcx61zlkkzUCiEkNrV jsQSso1JE1hEjOvRFbSELcS2+mogUhYMhrWu34OM1qLLXfJjFlEjOaDYyTpX8O7pcWDA CAnA==
X-Gm-Message-State: ALoCoQkK+6gu3DlqDw11d9PLptzbWcTd/kORkJVlNGUPG0EIj1EG1qfMGrUlqPay+ZOsqBg0BHNT
X-Received: by 10.180.221.201 with SMTP id qg9mr15904287wic.29.1421250399094; Wed, 14 Jan 2015 07:46:39 -0800 (PST)
Received: from [10.60.20.30] ([193.170.94.190]) by mx.google.com with ESMTPSA id ei5sm19164190wid.2.2015.01.14.07.46.37 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 14 Jan 2015 07:46:38 -0800 (PST)
Message-ID: <54B68F5B.7070803@azet.org>
Date: Wed, 14 Jan 2015 16:46:35 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: "Salz, Rich" <rsalz@akamai.com>
References: <54B5501A.4070402@azet.org> <D0DA96DB.58455%paul@marvell.com> <54B58F5B.2010704@cs.tcd.ie> <54B6815A.7060102@azet.org> <54B68A97.3010007@azet.org> <2A0EFB9C05D0164E98F19BB0AF3708C71D55AEC6A9@USMBX1.msg.corp.akamai.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C71D55AEC6A9@USMBX1.msg.corp.akamai.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig4FD662B287C145246EB0F560"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/oapa6_ZgMyLKSKiorUi6Gs64Un0>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2015 15:46:43 -0000


Salz, Rich wrote:
> TLS 1.3 is already AEAD and PFS only, since draft-02:
> 	Removed support for static RSA and DH key exchange.
> 	Removed support for non-AEAD ciphers
Yes, I know. Exactly.

One previous suggestion in this thread was to add ciphersuites down to
TLS 1.2, which would result in an enormous amount of ciphersuites as
Stephen Farrell pointed out earlier. Hence the title of this thread and
my asking if a proposal that only adds TLS 1.3 compatible ciphersuites
would be acceptable by the WG.

Aaron

v2.23.0 | Report a Bug | By Email