Re: [TLS] I-D Action: draft-ietf-tls-rfc4492bis-02.txt

Yoav Nir <ynir.ietf@gmail.com> Tue, 10 March 2015 11:09 UTC

Actually only the last one has issues. The full list should be:

   o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   o  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

While there are _SHA256 versions for the second and fourth ciphersuites, these are pre-1.2 ciphersuites where the _SHA and _SHA256 refer to HMAC-SHA1 and HMAC-SHA256 respectively as MAC functions. There is no particular reason to switch to HMAC-SHA256, so we’d rather stay with the previous recommendation.

Going forward (1.3+) only the GCM ciphersuites will be supported, so you need those.

Thanks. I’ll fix it in the next version after the meeting.

Yoav

> On Mar 10, 2015, at 9:53 AM, Peter Dettman <peter.dettman@bouncycastle.org> wrote:
> 
> On the very last line of "6. Cipher Suites", the list of cipher suites that SHOULD be supported includes TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - is that a typo that should be ..._ECDHE_...?
> 
> In that same list, should TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA be ..._SHA256?
> 
> Regards,
> Pete Dettman
> 
> On 10/03/2015 4:23 am, internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>  This draft is a work item of the Transport Layer Security Working Group of the IETF.
>> 
>>         Title           : Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
>>         Author          : Yoav Nir
>> 	Filename        : draft-ietf-tls-rfc4492bis-02.txt
>> 	Pages           : 30
>> 	Date            : 2015-03-09
>> 
>> Abstract:
>>    This document describes key exchange algorithms based on Elliptic
>>    Curve Cryptography (ECC) for the Transport Layer Security (TLS)
>>    protocol.  In particular, it specifies the use of Ephemeral Elliptic
>>    Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the
>>    use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new
>>    authentication mechanism.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/
>> 
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-02
>> 
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-tls-rfc4492bis-02
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
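
The naming point discussed in this message, as an added example that is not part of the original thread or of the draft: a small parser that splits an ECC AES cipher suite name into its parts and reports whether the trailing hash names the record MAC (CBC suites) or the PRF hash (GCM/AEAD suites, per RFC 5289). The function names `describe` and `review` are hypothetical, and only ECDH/ECDHE AES suite names are handled.

```python
import re

# Corrected SHOULD-support list, as given in the message above.
RECOMMENDED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
]

# In CBC suites the trailing hash selects the HMAC used as the record MAC.
CBC_MACS = {"SHA": "HMAC-SHA1", "SHA256": "HMAC-SHA256", "SHA384": "HMAC-SHA384"}

SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE|ECDH)_(?P<auth>RSA|ECDSA)_WITH_"
    r"(?P<cipher>AES_(?:128|256))_(?P<mode>GCM|CBC)_(?P<hash>SHA(?:256|384)?)$"
)

def describe(name):
    """Split a suite name and say what its trailing hash refers to."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"suite name not handled by this example: {name}")
    d = m.groupdict()
    aead = d["mode"] == "GCM"
    return {
        "key_exchange": d["kx"],
        "ephemeral": d["kx"] == "ECDHE",
        "auth": d["auth"],
        "cipher": f'{d["cipher"]}_{d["mode"]}',
        "aead": aead,
        # AEAD suites have no separate MAC; the suffix names the PRF hash.
        "record_mac": None if aead else CBC_MACS[d["hash"]],
        "suffix_role": "prf_hash" if aead else "mac",
    }

def review(name):
    """Explain how a suite name differs from the corrected list."""
    info = describe(name)
    notes = []
    if not info["ephemeral"]:
        notes.append("static ECDH, not ECDHE")
    if info["record_mac"] == "HMAC-SHA256":
        notes.append("CBC with HMAC-SHA256; the list keeps the HMAC-SHA1 variant")
    if not notes and name not in RECOMMENDED:
        notes.append("not in the corrected list")
    return notes
```
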