Re: [TLS] Call for WG adoption of draft-mattsson-tls-ecdhe-psk-aead

Dave Garrett <davemgarrett@gmail.com> Tue, 26 April 2016 19:13 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Tue, 26 Apr 2016 15:13:00 -0400
References: <E7FC2BE3-0BEF-4F1C-A394-73A54701803E@sn3rd.com> <571F8748.1000202@gmx.net>
In-Reply-To: <571F8748.1000202@gmx.net>
Message-Id: <201604261513.00630.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/sZIf9CNfg5OM84dov6gGlGJhv3s>
Subject: Re: [TLS] Call for WG adoption of draft-mattsson-tls-ecdhe-psk-aead

On Tuesday, April 26, 2016 11:20:40 am Hannes Tschofenig wrote:
> If you are already paying the price of the asymmetric crypto (in terms
> of flash usage/CPU speed/RAM utilization) then just switch to a raw
> public key or a certificate based ciphersuite (since there is very
> little additional overhead).
> 
> I suspect the usage is more for the we or so?

(assuming that was supposed to be "web")

With resumption now done through PSK in TLS 1.3, these suites will be desired for that in addition to systems that will be using PSK as their primary suite. Without them, the only FS AEAD PSK AES suites are DHE, and we'd much prefer ECDHE be available.


Dave