Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt

Peter Dettman <peter.dettman@bouncycastle.org> Sun, 10 July 2016 10:51 UTC

Return-Path: <peter.dettman@bouncycastle.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECD512D0FB for <tls@ietfa.amsl.com>; Sun, 10 Jul 2016 03:51:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lo_i6SvKEAmO for <tls@ietfa.amsl.com>; Sun, 10 Jul 2016 03:51:22 -0700 (PDT)
Received: from tauceti.org.au (mail.tauceti.org.au [203.32.61.25]) by ietfa.amsl.com (Postfix) with ESMTP id F04F012D0F9 for <tls@ietf.org>; Sun, 10 Jul 2016 03:51:21 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=ppp-49-237-162-110.revip6.asianet.co.th;
To: tls@ietf.org
References: <20160527171935.11166.82258.idtracker@ietfa.amsl.com>
From: Peter Dettman <peter.dettman@bouncycastle.org>
Message-ID: <7a3597ae-92b8-23c8-b2c3-357f6fdb6792@bouncycastle.org>
Date: Sun, 10 Jul 2016 17:51:06 +0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <20160527171935.11166.82258.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Authenticated-User: peter.dettman@bouncycastle.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/onEkdgH30eZgWs8v5Rp-CUqCHds>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ecdhe-psk-aead-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jul 2016 10:51:24 -0000

Hi,
I've just implemented these ciphersuites in BouncyCastle TLS, and have a
couple of questions:

In Section 3., should

   TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA256 = {0xTBD,0xTBD};

end with ...SHA384 instead?

   For the AES-256 cipher suites, the TLS PRF with SHA-384 as the hash
   function SHALL be used and Clients and Servers MUST NOT negotiate
   curves of less than 384 bits.

requires SHA384 as the PRF, and I don't know what else SHA256 could
refer to for an AEAD ciphersuite.

I'm also curious whether there is a precedent in other RFCs for an
explicit minimum curve bits, or perhaps a de facto implementer's rule?

Regards,
Pete Dettman

On 28/05/2016 12:19 AM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security of the IETF.
> 
>         Title           : ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites for Transport Layer Security (TLS)
>         Authors         : John Mattsson
>                           Daniel Migault
> 	Filename        : draft-ietf-tls-ecdhe-psk-aead-00.txt
> 	Pages           : 7
> 	Date            : 2016-05-27
> 
> Abstract:
>    This document defines several new cipher suites for the Transport
>    Layer Security (TLS) protocol.  The cipher suites are all based on
>    the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key
>    (ECDHE_PSK) key exchange together with the Authenticated Encryption
>    with Associated Data (AEAD) algorithms AES-GCM and AES-CCM.  PSK
>    provides light and efficient authentication, ECDHE provides perfect
>    forward secrecy, and AES-GCM and AES-CCM provides encryption and
>    integrity protection.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-tls-ecdhe-psk-aead-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>