Re: [TLS] Confirming Consensus on supporting only AEAD ciphers

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Thu, 27 March 2014 14:59 UTC

From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Russ Housley <housley@vigilsec.com>
Date: Thu, 27 Mar 2014 14:59:07 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/zOs1Z6sD-NRzFsKmdNAbXyZGLCw
Cc: "<tls@ietf.org>" <tls@ietf.org>

On Mar 26, 2014, at 11:32 PM, Russ Housley <housley@vigilsec.com> wrote:

> I'd like to ask a clarifying question.
> 
> Please look at RFC 6476. In that document, Peter Gutmann uses traditional encryption and integrity functions to make an AEAD cipher. Does this decision allow or prohibit such ciphers?
> 

[Joe] The AEAD specification in TLS 1.2 is built from RFC 5116. This does not restrict the type of algorithms used to build the AEAD cipher as long as the result meets RFC 5116. I'm not sure that RFC 6476 can be used directly, but you should be able to build an AEAD cipher out of the same algorithms.

Is your concern using RFC 6476 exactly or just being able to build a TLS-compliant AEAD mode out of traditional functions?

> Russ
> 
> 
> On Mar 26, 2014, at 2:43 PM, Joseph Salowey (jsalowey) wrote:
> 
>> TLS has supported a number of different cipher types for protecting the record layer. In TLS 1.3 these include Stream Cipher, CBC Block Cipher and AEAD Cipher. The construction of the CBC mode within TLS has been shown to be flawed and stream ciphers are not generally applicable to DTLS. Using a single mechanism for cryptographic transforms would make security analysis easier. AEAD ciphers can be constructed from stream ciphers and block ciphers and are defined as protocol independent transforms. The consensus in the room at IETF-89 was to only support AEAD ciphers in TLS 1.3. If you have concerns about this decision please respond on the TLS list by April 11, 2014.
>> 
>> Thanks,
>> 
>> Joe
>> [Speaking for the TLS chairs]
>> 
>
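
Added example, not part of the original message and not the RFC 6476 construction or any registered TLS cipher suite: a sketch of how a traditional encryption function and a separate integrity function can be composed (encrypt-then-MAC) behind the RFC 5116 interface of (K, N, P, A) in and C out. The HMAC-SHA256 counter-mode keystream is a stand-in for a real stream or block cipher, and all function names, the nonce and tag sizes, and the sample key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

N_LEN, TAG_LEN = 12, 32  # nonce and tag sizes chosen for this sketch

def _subkey(key, label):
    # Independent keys for encryption and authentication, derived from K.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode as the keystream.
    stream = bytearray()
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, nonce, aad, ct):
    # The MAC covers N, len(A), A and C; the length prefix keeps A|C unambiguous.
    msg = nonce + struct.pack(">Q", len(aad)) + aad + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def aead_encrypt(key, nonce, plaintext, aad):
    """RFC 5116 shape: (K, N, P, A) -> C, with the tag carried inside C."""
    if len(nonce) != N_LEN:
        raise ValueError("nonce must be N_LEN bytes and never repeat under one key")
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return ct + _tag(_subkey(key, b"mac"), nonce, aad, ct)

def aead_decrypt(key, nonce, ciphertext, aad):
    """RFC 5116 shape: (K, N, A, C) -> P, or None for FAIL."""
    if len(nonce) != N_LEN or len(ciphertext) < TAG_LEN:
        return None
    ct, tag = ciphertext[:-TAG_LEN], ciphertext[-TAG_LEN:]
    expected = _tag(_subkey(key, b"mac"), nonce, aad, ct)
    if not hmac.compare_digest(tag, expected):
        return None  # verify before decrypting; release nothing on failure
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def tls12_aad(seq_num, content_type, length):
    # TLS 1.2 additional_data: seq_num || type || version || length (RFC 5246, 6.2.3.3)
    return struct.pack(">QBHH", seq_num, content_type, 0x0303, length)

if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(N_LEN)  # constructed sample values
    record = b"GET / HTTP/1.1\r\n"
    c = aead_encrypt(key, nonce, record, tls12_aad(0, 23, len(record)))
    print(aead_decrypt(key, nonce, c, tls12_aad(0, 23, len(record))))  # plaintext
    print(aead_decrypt(key, nonce, c, tls12_aad(1, 23, len(record))))  # FAIL (None)
```

The security-relevant choices are the ones the flawed TLS CBC construction got wrong: the tag is computed over the ciphertext, and it is checked in constant time before any decryption takes place.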