Re: [TLS] Issue 56: AES as MTI

To: tls at ietf.org
Subject: Re: [TLS] Issue 56: AES as MTI
From: Nelson B Bolyard <nelson at bolyard.com>
Date: Fri, 14 Sep 2007 14:10:58 -0700
Cc: Chris Newman <Chris.Newman at Sun.COM>, "Yee, Peter" <pyee at rsasecurity.com>
In-reply-to: <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070527 SeaMonkey/1.5a

Chris Newman wrote:
> As far as I can tell, the real-world MTI for SSL/TLS as deployed is
> RC4.  I dislike it when the real world MTI and the specified MTI differ
> and the specification fails to explain the difference.

I think the RFC does not need a Mandatory Cipher Suite.  There are
different marketplaces for TLS, and each one will define its own mandatory
cipher suite.  I see no need to say that all implementations must do one.
Each implementation is intended to operate in one or more marketplaces,
and market forces will ensure that all implementations in each market will
implement the cipher suite that is the de facto standard mandatory one.

TLS 1.0 defined TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and the eCommerce
marketplace utterly ignored that.  Several implementations STILL do not
implement that cipher suite to this day, yet that has not resulted in a
lack of interoperability.  Interoperability for eCommerce has employed
the RSA+RC4 cipher suites, as Chris noted.

> It's my belief that AES-CBC is more likely to result in future alignment
> of the real-world MTI and the specified MTI than 3DES and thus I support
> a change from 3DES to AES as MTI.   I would also support a change from
> 3DES to RC4 as MTI despite some concerns about the cryptographic
> longevity of that cipher.

Going forward, it's clear that in some markets, AES will be mandated to
the exclusion of all else, but in others RC4 will still dominate.

I suggest that the RFC should call for the development of profiles of TLS,
selected subsets of cipher suites, hello extensions, and perhaps EC curves
that will form the basis for interoperability for implementations within
the marketplace of each profile.

/Nelson

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Issue 56: AES as MTI
  - From: Chris Newman
- Re: [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla

References:
- [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Chris Newman

Prev by Date: RE: [TLS] Review of draft-santesson-tls-gssapi-03
Next by Date: Re: [TLS] Issue 56: AES as MTI
Previous by thread: Re: [TLS] Issue 56: AES as MTI
Next by thread: Re: [TLS] Issue 56: AES as MTI
Index(es):
- Date
- Thread

Re: [TLS] Issue 56: AES as MTI

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.