Re: [TLS] Consensus Call on MTI Algorithms

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 02 April 2015 12:48 UTC


On 02/04/15 12:50, Yaron Sheffer wrote:
>> On 1 April 2015 at 17:46, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
>>> AES-256-GCM and SHA-384. Doesn't it make sense to have them as SHOULD,
>>
>> I don't see much point.  All involved likely know if they need
>> something that strong, which is way down there in the "we might need
>> it someday" category [1].
>>
>> [1] http://www.keylength.com/en/3/
>>
> 
> The TLS BCP is IETF consensus, not just one person's opinion. If people
> deploy stuff based on our recommendations, we should ensure that it is
> still available to them when they migrate to TLS 1.3.

But isn't it likely we revise the TLS BCP once TLS1.3 is done and
implementations start to become common? We can make sure things
all add up at that point in time, and are in-whack with what people
are deploying, but we don't necessarily need to do so now I think.

S.


> 
> Thanks,
>     Yaron
> 