Re: [TLS] Suite B compliance of TLS 1.2

Eric Rescorla <ekr@networkresonance.com> Wed, 26 July 2006 04:32 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5b4R-0000mW-Ka; Wed, 26 Jul 2006 00:32:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5b4R-0000mR-2X for tls@ietf.org; Wed, 26 Jul 2006 00:32:31 -0400
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5b4P-0005Vh-OC for tls@ietf.org; Wed, 26 Jul 2006 00:32:31 -0400
Received: by raman.networkresonance.com (Postfix, from userid 1001) id BA6F21E8C1C; Tue, 25 Jul 2006 21:32:28 -0700 (PDT)
To: Wan-Teh Chang <wtchang@redhat.com>
Subject: Re: [TLS] Suite B compliance of TLS 1.2
References: <44C6B8C1.3040500@redhat.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 25 Jul 2006 21:32:28 -0700
In-Reply-To: <44C6B8C1.3040500@redhat.com> (Wan-Teh Chang's message of "Tue, 25 Jul 2006 17:35:13 -0700")
Message-ID: <86fygpyoir.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Wan-Teh Chang <wtchang@redhat.com>; writes:
> At the 2005 RSA Conference, the US National
> Security Agency (NSA) announced Suite B Crytography
> (http://www.nsa.gov/ia/industry/crypto_suite_b.cfm).
> This suite of cryptographic algorithms includes AES,
> ECDSA, ECDH, ECMQV, and SHA-256/SHA-384.
>
> I'm interested in the Suite B compliance of TLS 1.2.
> Simply put, it means the ability to do TLS 1.2 using
> only Suite B algorithms.
>
> The primary goal of TLS 1.2, to remove the protocol's
> dependency on the MD5 and SHA-1 digest algorithms, is
> in line with Suite B compliance.  I'd like to start
> the discussion by proposing additional goals:
> - merge in or reference RFC 4492

Well, I don't mind having an Informative reference
to RFC 4492, but merging it in really isn't appropriate,
since it's at Informational status and TLS 1.2 is of
course Standards Track.


> - add sha384 to the enumerated HashType

This was already decided on at IETF.


> - define cipher suites whose MAC algorithm is Suite B
>    compliant. Since Suite B doesn't include any MAC
>    algorithms and the recent collision attack on SHA-1
>    doesn't extend to HMAC-SHA-1, this goal may be
>    controversial.

I'm not that familiar with Suite B, but if it, as you
say, it doesn't include a MAC algorithm, I'm not sure
what you're suggesting for message integrity.

-Ekr

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls