Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 06 January 2015 10:27 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis
Thread-Index: AdApm1Dp+QfpFbQHSrGreNGElYnrkg==
Date: Tue, 06 Jan 2015 10:27:04 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AAF525B9@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xh6cUVs87qyYsVxMmMLeAxLn8Rs
Subject: Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a meta-analysis
Precedence: list

Michael Clark <michael@metaparadigm.com> writes:

>Before I've read through can we do this with it?
>
>AES-256-GCM + hmac_null   = 128 bits authentication
>AES-256-CBC + hmac_sha128 = 128 bits authentication
>
>AES-256-GCM + hmac_sha128 = 256 bits authentication
>AES-256-CBC + hmac_sha256 = 256 bits authentication
>
>AES-256-GCM + hmac_sha256 = 384 bits authentication
>AES-256-CBC + hmac_sha384 = 384 bits authentication

The MAC is whatever is negotiated for the session, and if you want a shorter
one you can send the truncated-MAC extension (which, however, nothing supports
AFAIK).  Having said that, see my previous message about not needing a
thousand options, we only need one that everyone uses.

Peter.

[TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CCM: a… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Tapio Sokura
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Jeffrey Walton
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Peter Gutmann
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Russ Housley
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Watson Ladd
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Ilari Liusvaara
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Yoav Nir
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Paterson, Kenny
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Peter Gutmann
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Peter Gutmann
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Peter Gutmann
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Manuel Pégourié-Gonnard
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Paterson, Kenny
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Watson Ladd
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Watson Ladd
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Paterson, Kenny
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Martin Thomson
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Michael Clark
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Martin Thomson
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Tom Ritter
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Martin Rex
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Joe Hall
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Tom Ritter
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Martin Thomson
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Nikos Mavrogiannopoulos
Re: [TLS] AAED ciphers: AES-GCM vs AES-EAX/AES-CC… Tom Ritter