Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)

Watson Ladd <watsonbladd@gmail.com> Wed, 11 March 2015 00:33 UTC

In-Reply-To: <201503091911.17254.davemgarrett@gmail.com>
References: <65D2FD736B6B2B48B2EAD2BD189DC9CC270CA949@LLE2K10-MBX01.mitll.ad.local> <201503091821.41393.davemgarrett@gmail.com> <20150309223806.GA3923@typhoon.azet.org> <201503091911.17254.davemgarrett@gmail.com>
Date: Tue, 10 Mar 2015 17:33:45 -0700
Message-ID: <CACsn0cn-3mw9rCdiw5mMGZZD3XM1QER0bXRqGe6PcpB+i0XHYg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vD93L4zlKAI2t9VJQNEOZzbSuEs>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Mar 9, 2015 4:11 PM, "Dave Garrett" <davemgarrett@gmail.com> wrote:
>
> On Monday, March 09, 2015 06:38:08 pm Aaron Zauner wrote:
> > In any case, people do argue that algorithmic agility causes more
> > problems than it's worth. I agree somewhat, but IMHO at least one
> > backup is a good idea
>
> I'd much rather have three than two. (not counting deprecated
> ciphers/modes) I think of it in this way: if one were to vanish, there
> would still be a choice left. With only two chosen ones, then a fatal
> attack on one brings us all the way back to the one-true-cipher again.
>
> If you assume eventual failure, a secondary backup is very desirable.

Both AES-CCM and AES-GCM have security reducing to that of AES as a PRP. So
they aren't actually independent backups. The issue is that extremely
limited hardware may only support AES-CCM.

>
>
> Dave
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls