Re: [TLS] Inclusion of OCB mode in TLS 1.3
Aaron Zauner <azet@azet.org> Tue, 13 January 2015 17:43 UTC
Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B661F1A8BB2 for <tls@ietfa.amsl.com>; Tue, 13 Jan 2015 09:43:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLXnkhFVzuOA for <tls@ietfa.amsl.com>; Tue, 13 Jan 2015 09:43:50 -0800 (PST)
Received: from mail-we0-f176.google.com (mail-we0-f176.google.com [74.125.82.176]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2C421A6FF7 for <tls@ietf.org>; Tue, 13 Jan 2015 09:43:49 -0800 (PST)
Received: by mail-we0-f176.google.com with SMTP id w61so4303175wes.7 for <tls@ietf.org>; Tue, 13 Jan 2015 09:43:48 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=FZyHJfZWAar/6Y6CCwCQFfpTXAI02CxeSuRVgs49NUE=; b=RE6D6vBa2RO5oXiHIShlOXlG0L1bN/7lYBlz1sJdh7cm69cE/qEQVn/oSl/5u9j8bY ZMHG8BVx15oY04LiqcNvOnQTHANKPEg8uRnDRFx5B2oCElMPLuhnW+ZYOzPrLqPeS1uO WXkP6YJGLU5s1/XTUF60bFtnK0C57FvQMmn90TxB+or8CaXxzFt/kPtgU2FwiB40OtuO ywbyAim1QFj950z7LQ+pewQ7F/vV/JQUz/pwMPsNEhTX2n9gdkQFCczQVnMehN5qAeDN +u+qdePG9NNXJiZShg/gZY9b+MM9CADE3ab5x6olIBZWr84RQDFfGVxstquofbhi8nO3 iHcw==
X-Gm-Message-State: ALoCoQk6/Pw3Srz0K0A2nv3KDEe8s/Ep2lxjU4+AJ4BSMvCUTdMflkmTmIw9lj/5V9QdR3O8FozJ
X-Received: by 10.180.198.52 with SMTP id iz20mr42839940wic.60.1421171028511; Tue, 13 Jan 2015 09:43:48 -0800 (PST)
Received: from [192.168.23.139] (chello084112076043.34.11.vie.surfer.at. [84.112.76.43]) by mx.google.com with ESMTPSA id vj1sm26565556wjc.49.2015.01.13.09.43.47 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 13 Jan 2015 09:43:47 -0800 (PST)
Message-ID: <54B55950.4090606@azet.org>
Date: Tue, 13 Jan 2015 18:43:44 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Martin Thomson <martin.thomson@gmail.com>
References: <54B5501A.4070402@azet.org> <CABkgnnWoyDHndgARGLVv0PV3SDr-FCyq_PiiG=knKtz6fEbjXA@mail.gmail.com>
In-Reply-To: <CABkgnnWoyDHndgARGLVv0PV3SDr-FCyq_PiiG=knKtz6fEbjXA@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enigA014A117FA4EB62FA2BB6E02"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/rEa1WLGzhVd_hvydI8uyKHVRSok>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 17:43:53 -0000
Martin Thomson wrote: > On 13 January 2015 at 09:04, Aaron Zauner <azet@azet.org> wrote: >> Now I'm a bit clueless as to how new AEAD modes are supposed to be >> added to TLS 1.3. > > > In this case, I would suggest writing an Internet Draft describing how > the cipher suite is identified and how it operates. That would be a > relatively short document. > > Unless there are specific reasons not to, a new AEAD cipher should be > defined for TLS 1.2 as well. One reason (that doesn't apply to OCB) > is that it might require non-deterministic padding, for which there is > a bug in the TLS 1.2 AEAD construction (see > https://github.com/tlswg/tls13-spec/issues/47). Thanks for this piece of information! So that would be an ID to the extent of RFC5288 or RFC6655. > There are, of course, reasons why people would not want to accept a > proposal like that. More cipher suites isn't strictly a good thing. > Of course, if OCB is demonstrably better in some fashion (speed, > security, whatever it happens to be), then that makes the case easier. Generally I would agree, but I think for now OCB mode would be a very good addition to AEAD in TLS. Let's see what the CAESAR competition brings us in 2017,.. Aaron
- [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Russ Housley
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Paul Lambert
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Stephen Farrell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Viktor Dukhovni
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Brian Smith
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jacob Appelbaum
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Joachim Strömbergson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] Inclusion of OCB mode in TLS 1.3 Phillip Rogaway
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Manuel Pégourié-Gonnard
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Alex Elsayed
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Henrik Grubbström
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Dmitry Belyavsky
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] GOST in TLS (Re: Inclusion of OCB mode in T… Martin Rex
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Dmitry Belyavsky
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Martin Rex
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] PSK [was: Re: Inclusion of OCB mode in TLS … Daniel Kahn Gillmor
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Roland Zink
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner