Re: [TLS] Inclusion of OCB mode in TLS 1.3

Aaron Zauner <azet@azet.org> Mon, 19 January 2015 14:07 UTC

Message-ID: <54BD0F7E.9020300@azet.org>
Date: Mon, 19 Jan 2015 15:06:54 +0100
From: Aaron Zauner <azet@azet.org>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
References: <54B5501A.4070402@azet.org> <D0DA96DB.58455%paul@marvell.com> <54B58F5B.2010704@cs.tcd.ie> <54B6815A.7060102@azet.org> <CABcZeBOkabo85Hv73MM1koeGnVYDJtPHc6uwk5b1BkPDRu=RGg@mail.gmail.com> <54B9352C.70203@azet.org> <54BA315A.7020804@polarssl.org> <20150117151105.GA5549@typhoon.azet.org> <1421658189.2854.11.camel@redhat.com>
In-Reply-To: <1421658189.2854.11.camel@redhat.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tUvCGPDLDDV3rxXuSnMAQV3JPj8>
Cc: Manuel Pégourié-Gonnard <mpg@polarssl.org>, TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3


Nikos Mavrogiannopoulos wrote:
> On Sat, 2015-01-17 at 16:11 +0100, Aaron Zauner wrote:
>>>> (EC)DHE:
>>>> TLS_DHE_RSA_WITH_AES_128_OCB
>>>> TLS_DHE_RSA_WITH_AES_256_OCB
>>>> TLS_ECDHE_RSA_WITH_AES_128_OCB
>>>> TLS_ECDHE_RSA_WITH_AES_256_OCB
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_OCB
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_OCB
>>>>
>>>> PSK:
>>>> TLS_DHE_PSK_WITH_AES_128_OCB
>>>> TLS_DHE_PSK_WITH_AES_256_OCB
>>>> TLS_ECDHE_PSK_WITH_AES_128_OCB
>>>> TLS_ECDHE_PSK_WITH_AES_256_OCB
>>>>
>>> I think it would make sense to also include a pure PSK (no DH) suite for very
>>> constrained devices that can't afford the asymmetric crypto.
>> Makes sense. So your suggestion is to swap or add these
>> ciphersuites? I have no real-world data on the usage of TLS with
>> pre-shared keys, nor its deployment. I can only guess; it would be
>> interesting to hear the opinion of embedded development people on
>> that subject.
> 
> I don't believe you can second guess here. There can be many valid
> use-cases unknown to anyone in the WG, or IETF, as PSK is often used in
> protocols which are non-standardized or standardized outside IETF.
> 

I'm not trying to second guess anybody/anything. I'd like to have some
common ground. If I take the lead from RFC6655 (AES-CCM) that'd be:

CipherSuite TLS_PSK_WITH_AES_128_OCB
CipherSuite TLS_PSK_WITH_AES_256_OCB
CipherSuite TLS_DHE_PSK_WITH_AES_128_OCB
CipherSuite TLS_DHE_PSK_WITH_AES_256_OCB

Plus:

>>>> TLS_ECDHE_PSK_WITH_AES_128_OCB
>>>> TLS_ECDHE_PSK_WITH_AES_256_OCB

Does this make sense for you?

Thanks,
Aaron