Re: [TLS] Suite B compliance of TLS 1.2
Eric Rescorla <ekr@networkresonance.com> Wed, 26 July 2006 04:32 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5b4R-0000mW-Ka; Wed, 26 Jul 2006 00:32:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G5b4R-0000mR-2X for tls@ietf.org; Wed, 26 Jul 2006 00:32:31 -0400
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G5b4P-0005Vh-OC for tls@ietf.org; Wed, 26 Jul 2006 00:32:31 -0400
Received: by raman.networkresonance.com (Postfix, from userid 1001) id BA6F21E8C1C; Tue, 25 Jul 2006 21:32:28 -0700 (PDT)
To: Wan-Teh Chang <wtchang@redhat.com>
Subject: Re: [TLS] Suite B compliance of TLS 1.2
References: <44C6B8C1.3040500@redhat.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 25 Jul 2006 21:32:28 -0700
In-Reply-To: <44C6B8C1.3040500@redhat.com> (Wan-Teh Chang's message of "Tue, 25 Jul 2006 17:35:13 -0700")
Message-ID: <86fygpyoir.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Wan-Teh Chang <wtchang@redhat.com> writes: > At the 2005 RSA Conference, the US National > Security Agency (NSA) announced Suite B Crytography > (http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) > This suite of cryptographic algorithms includes AES, > ECDSA, ECDH, ECMQV, and SHA-256/SHA-384. > > I'm interested in the Suite B compliance of TLS 1.2. > Simply put, it means the ability to do TLS 1.2 using > only Suite B algorithms. > > The primary goal of TLS 1.2, to remove the protocol's > dependency on the MD5 and SHA-1 digest algorithms, is > in line with Suite B compliance. I'd like to start > the discussion by proposing additional goals: > - merge in or reference RFC 4492 Well, I don't mind having an Informative reference to RFC 4492, but merging it in really isn't appropriate, since it's at Informational status and TLS 1.2 is of course Standards Track. > - add sha384 to the enumerated HashType This was already decided on at IETF. > - define cipher suites whose MAC algorithm is Suite B > compliant. Since Suite B doesn't include any MAC > algorithms and the recent collision attack on SHA-1 > doesn't extend to HMAC-SHA-1, this goal may be > controversial. I'm not that familiar with Suite B, but if it, as you say, it doesn't include a MAC algorithm, I'm not sure what you're suggesting for message integrity. -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 Brian Minard
- Re: [TLS] Suite B compliance of TLS 1.2 David Hopwood
- Re: [TLS] Suite B compliance of TLS 1.2 Martin Rex
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Eric Rescorla
- RE: [TLS] Suite B compliance of TLS 1.2 Blumenthal, Uri
- Re: [TLS] Suite B compliance of TLS 1.2 Wan-Teh Chang
- Re: [TLS] Suite B compliance of TLS 1.2 Vipul Gupta