Re: [TLS] Consensus Call on MTI Algorithms

Aaron Zauner <azet@azet.org> Thu, 02 April 2015 19:28 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7B091A000B for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 12:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.579
X-Spam-Level:
X-Spam-Status: No, score=-1.579 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XxvdBLtiyE9d for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 12:28:34 -0700 (PDT)
Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com [209.85.212.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6812C1A0016 for <tls@ietf.org>; Thu, 2 Apr 2015 12:28:34 -0700 (PDT)
Received: by wiaa2 with SMTP id a2so117023842wia.0 for <tls@ietf.org>; Thu, 02 Apr 2015 12:28:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:cc :subject:references:in-reply-to:content-type; bh=ZYcPD3Ahf6m94EHAaWi4FH3q3LliR26XT+6hV/L7M4c=; b=NlZvufTKgKZrTMpwz+ZO7NQ0v2VHzO2ScE+EXcMXIqwPM6Ydd+5/jqvHZWoICDloNa EppSUt7Q/EOgX9Pfa2rawZWcg4xpd2Aot6Yylqzut7k9JlF+nSR5UvvaOq5/MNGAqYm2 or6ulwcRD1DdE+szJPUGAPFA8VYAVdXpMGTieFq0djX5BXWnZWii0B/oW7tSOBzFx7+P is2aH253kz0qta7XXGJ2tFvwlWaYmUCgdJ9Tz0938YYGVHtA/1Afbf2GvTLzKWHuSFK5 ucYrUvLsqnIdD4esINxarU6CwjF5MfFWf54u7ZeQ+BJMuYzJPcVJa1Y6/YuNDdZjCRpU 0YvA==
X-Gm-Message-State: ALoCoQkY2O96odxxqD1nJPPYUkoMb2YaGxt9SUsianWDKqONTfu4j9PAR55rjWVdaqBQrc0hSb1G
X-Received: by 10.194.142.205 with SMTP id ry13mr99447203wjb.73.1428002913042; Thu, 02 Apr 2015 12:28:33 -0700 (PDT)
Received: from [10.0.0.142] (chello080108032135.14.11.univie.teleweb.at. [80.108.32.135]) by mx.google.com with ESMTPSA id o5sm2600173wia.0.2015.04.02.12.28.31 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 02 Apr 2015 12:28:32 -0700 (PDT)
Message-ID: <551D985B.6080204@azet.org>
Date: Thu, 02 Apr 2015 21:28:27 +0200
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
References: <CAOgPGoBk+E=cNV1ufBaQ0n7=CJQ34zukPixKCEdpmMLBX=Kg_w@mail.gmail.com> <20150402184849.GF10960@localhost> <a4de167f0d684690a0fe2439171f65c5@ustx2ex-dag1mb2.msg.corp.akamai.com>
In-Reply-To: <a4de167f0d684690a0fe2439171f65c5@ustx2ex-dag1mb2.msg.corp.akamai.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigA69C028056E9F82F1AE9C9D2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/r3iXr6Bo1Vbrn6kehHlJwrn61jc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Consensus Call on MTI Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 19:28:39 -0000

Hi,

Hmm.

I'd agree that an alternative to AES-GCM (still AES based) would be nice
-- I have this AES-OCB draft still floating around, if anybody is
interested. IBM is currently working through IPR stuff as far as I
understand. :)

Suggestion:
MUST    - AES-GCM, ChaCha20/Poly1305
SHOULD  - AES-CCM or AES-OCB

Thinking about ECDH, why even make the NIST curve mandatory to
implement? Just go with 25519 & maybe (!) a secondary non-NIST curve.

What about Ed448 as a second alternative (SHOULD) for signatures?

Aaron