RE: [TLS] Suite B compliance of TLS 1.2

"Blumenthal, Uri" <uri.blumenthal@intel.com> Thu, 27 July 2006 13:01 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G65UM-0004rs-Kp; Thu, 27 Jul 2006 09:01:18 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G65UL-0004rn-Dj for tls@ietf.org; Thu, 27 Jul 2006 09:01:17 -0400
Received: from mga01.intel.com ([192.55.52.88] helo=fmsmga101-1.fm.intel.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G65UK-0005Ft-1c for tls@ietf.org; Thu, 27 Jul 2006 09:01:17 -0400
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101-1.fm.intel.com with ESMTP; 27 Jul 2006 06:01:15 -0700
Received: from fmsmsx333.fm.intel.com (HELO fmsmsx333.amr.corp.intel.com) ([132.233.42.2]) by fmsmga001.fm.intel.com with ESMTP; 27 Jul 2006 06:01:15 -0700
X-IronPort-AV: i="4.07,187,1151910000"; d="scan'208"; a="105827545:sNHT14390558"
Received: from fmsmsx311.amr.corp.intel.com ([132.233.42.214]) by fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Jul 2006 06:01:09 -0700
Received: from hdsmsx412.amr.corp.intel.com ([10.127.2.72]) by fmsmsx311.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Jul 2006 06:01:05 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Suite B compliance of TLS 1.2
Date: Thu, 27 Jul 2006 09:01:01 -0400
Message-ID: <279DDDAFA85EC74C9300A0598E704056618F7E@hdsmsx412.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Suite B compliance of TLS 1.2
Thread-Index: AcaxEYWaUuj/xcJwRA2ibfCyv74SIQAamsgg
From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: tls@ietf.org
X-OriginalArrivalTime: 27 Jul 2006 13:01:05.0934 (UTC) FILETIME=[B8B182E0:01C6B17C]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

>> I don't entirely understand these statements. Is there a reason
>> why new cipher suites supporting SHA-256, -384, or -512, couldn't
>> be defined using the existing HMAC? 
>>
>> Why doesn't this solve the message integrity issue?
>
> I was wondering the same thing... I.e., why Wan-Teh called
> the issue "controversial". Anyway, I was expecting that
> there would eventually be HMAC-XXX cipher suites.

A. There will be ciphersuite(s) with combined encryption-authentication
AES mode. No issue here.

B. For ciphersuites with no-encryption or AES in encryption-only mode,
HMAC. Suite B specs fail to say what to do, even though the course is
rather obvious.

C. NSA should spell it out explicitly. So perhaps a comment or two to
<mailto:nsapao@nsa.gov> would do good.

D. [I personally wonder why they stopped short of specifying MAC for
data stream integrity protection. They  specified everything else.]

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls