Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis

Martin Thomson <martin.thomson@gmail.com> Mon, 26 January 2015 19:18 UTC

Date: Mon, 26 Jan 2015 11:18:16 -0800
From: Martin Thomson <martin.thomson@gmail.com>
To: Tom Ritter <tom@ritter.vg>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vB0F5Qqqp2rOADCH6kZ0Pbfy3_s>
Cc: Manuel Pégourié-Gonnard <mpg@polarssl.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis

On 26 January 2015 at 11:08, Tom Ritter <tom@ritter.vg> wrote:
> From my recollection at Denver:
>  - Consensus was we didn't want to pay a 2-byte penalty to put padding
> in everywhere by default
>  - Rough Consensus was padding without paying a penalty was something
> reasonable to pursue
>  - A few of us (dkg, myself, Alfonso) were going to think about how to
> do that and also consider writing a BCP on why padding is useful, when
> it makes sense, and rough strategies for doing it

That matches my recollection.  I think that it was deferred so that we
could pay more attention to the handshake.  I'm hoping that we can
start nailing down the macro-level handshake details in the next
couple of months, allowing us to get to this, content-type encryption,
removal of the version number from the record layer, and various other
interesting proposals that have been on hold.