Re: [TLS] Inclusion of OCB mode in TLS 1.3
Jack Lloyd <lloyd@randombit.net> Wed, 21 January 2015 22:27 UTC
Return-Path: <lloyd@randombit.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771E81A8979 for <tls@ietfa.amsl.com>; Wed, 21 Jan 2015 14:27:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c6oUOHq6OS4F for <tls@ietfa.amsl.com>; Wed, 21 Jan 2015 14:27:50 -0800 (PST)
Received: from maple.randombit.net (maple.randombit.net [66.228.45.112]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6B7C1A0047 for <tls@ietf.org>; Wed, 21 Jan 2015 14:27:48 -0800 (PST)
Received: by maple.randombit.net (Postfix, from userid 1000) id 2A0F01ADB07; Wed, 21 Jan 2015 17:27:48 -0500 (EST)
Date: Wed, 21 Jan 2015 17:27:48 -0500
From: Jack Lloyd <lloyd@randombit.net>
To: tls@ietf.org
Message-ID: <20150121222748.GA30732@randombit.net>
Mail-Followup-To: tls@ietf.org
References: <54B5501A.4070402@azet.org> <20150120191819.GA8165@typhoon.azet.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150120191819.GA8165@typhoon.azet.org>
X-PGP-Fingerprint: 3F69 2E64 6D92 3BBE E7AE 9258 5C0F 96E8 4EC1 6D6B
X-PGP-Key: http://www.randombit.net/pgpkey.html
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yadUgOUwvbLx9IQOKQ5JRp_mpHw>
Subject: Re: [TLS] Inclusion of OCB mode in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2015 22:27:51 -0000
On Tue, Jan 20, 2015 at 08:18:21PM +0100, Aaron Zauner wrote: > Hi TLS-WG, > > The Internet Draft can be found over here: > https://datatracker.ietf.org/doc/draft-zauner-tls-aes-ocb/ My initial understanding on reading the draft was that in the nonce construction the sequence number is implicit (or already explicit in the message in the case of DTLS), and the record_iv_length of these ciphersuites is zero. However it then refers to RFC 5288 (the GCM ciphersuite definition), which includes an explicit 8 byte nonce in each message. Or is this reference purely with regards to the formatting of the nonce input to the AEAD algorithm? Even just an additional statement "The record_iv_length is X." should resolve this. If anyone is interested in interop testing, I have implemented these ciphersuites (assuming record_iv_length is 0) for the next release of botan (available via https://github.com/randombit/botan) using ids in the private use range. Cheers, Jack
- [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Russ Housley
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Matt Caswell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Paul Lambert
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Stephen Farrell
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Viktor Dukhovni
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Brian Smith
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jacob Appelbaum
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Joachim Strömbergson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] Inclusion of OCB mode in TLS 1.3 Phillip Rogaway
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Manuel Pégourié-Gonnard
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Alex Elsayed
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Martin Thomson
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Eric Rescorla
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Watson Ladd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Henrik Grubbström
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Salz, Rich
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nico Williams
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Dmitry Belyavsky
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] GOST in TLS (Re: Inclusion of OCB mode in T… Martin Rex
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Dmitry Belyavsky
- Re: [TLS] GOST in TLS (Re: Inclusion of OCB mode … Martin Rex
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- [TLS] PSK [was: Re: Inclusion of OCB mode in TLS … Daniel Kahn Gillmor
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Peter Gutmann
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Jack Lloyd
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Roland Zink
- Re: [TLS] Inclusion of OCB mode in TLS 1.3 Aaron Zauner