Re: [TLS] Issue 56: AES as MTI

As far as I can tell, the real-world MTI for SSL/TLS as deployed is RC4. I dislike it when the real world MTI and the specified MTI differ and the specification fails to explain the difference.

It's my belief that AES-CBC is more likely to result in future alignment of the real-world MTI and the specified MTI than 3DES and thus I support a change from 3DES to AES as MTI. I would also support a change from 3DES to RC4 as MTI despite some concerns about the cryptographic longevity of that cipher.

               - Chris

Eric Rescorla wrote on 9/12/07 16:26 -0700:

At Wed, 12 Sep 2007 19:27:17 -0400,
Yee, Peter wrote:

Just AES in general or a specific key size and mode? I'd generally favor the move, although I recognize that AES will probably be slower than RC4 so there will be those who would resist the move. Despite that, I'd be in favor of AES-GCM as MTI as it's a whole lot better than 3DES_EDE_CBC.

The current algorithm is 3DES_EDE_CBC. I would imagine we would use AES_128_CBC. It's a much easier substitution than GCM and most TLS stacks already support AES-CBC.

-Ekr

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls










Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.