Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac



On Tue, Feb 12, 2008 at 02:42:03PM +0200, Pasi.Eronen at nokia.com wrote:

> This message starts a WG last call on the following two drafts:
> 
>   draft-ietf-tls-rsa-aes-gcm-02
>   draft-ietf-tls-ecc-new-mac-04
> 
> prior to sending them to the IESG for publication as Proposed 
> Standard (rsa-aes-gcm) and Informational (ecc-new-mac).
> 
> Please send your comments to the WG mailing list by Wednesday 
> March 5th. [...]

Given the form of rfc4346-bis that has now evolved, the ecc-new-mac
specification really should include ECDHE_RSA versions of the
ciphersuites that it specifies -- i.e., ciphersuites relying on RSA
for server authentication (since this is what the current base of
installed certificates mostly offers) but on ECDH for forward secrecy.

(Using the RFC 4492 ciphersuite for this purpose would mean using
the legacy TLS PRF.)

For the sake of completeness, one might also want to add ECDH_RSA to the
picture.

So I don't really agree with draft-ietf-tls-ecc-new-mac-## unless the
following ciphersuites are added, since I wouldn't really like to see
yet another boring ciphersuite specification just to cover these:

       CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  = {0xXX,XX};
       CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  = {0xXX,XX};

       CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  = {0xXX,XX};
       CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  = {0xXX,XX};

... plus optionally:

       CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = {0xXX,XX};
       CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = {0xXX,XX};

       CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256   = {0xXX,XX};
       CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384   = {0xXX,XX};

, all with the obvious semantics.

Bodo
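
Added example, not part of the original message: a small Python parser that splits the ciphersuite names proposed above into their components and reports which ones give forward secrecy (ECDHE) versus static ECDH. The field names, the accepted name shape, and the reading of the trailing hash as both the CBC HMAC hash and the PRF hash are assumptions of this example; the `{0xXX,XX}` code points are left out because the message does not assign them.

```python
import re
from typing import NamedTuple

class Suite(NamedTuple):
    key_exchange: str      # "ECDHE" (ephemeral) or "ECDH" (static key in certificate)
    cert_alg: str          # "RSA" or "ECDSA" component of the name
    forward_secrecy: bool  # True only for ephemeral ECDH
    cipher: str            # e.g. "AES_128"
    aead: bool             # True for GCM, False for CBC with a separate HMAC
    record_mac: str        # HMAC hash for CBC suites; AEAD suites carry no HMAC
    prf_hash: str          # hash named by the suffix (assumed to select the PRF)

# Only the name shape used in the message is accepted (assumption of this example).
_NAME = re.compile(
    r"^TLS_(ECDHE|ECDH)_(RSA|ECDSA)_WITH_(AES_(?:128|256))_(CBC|GCM)_(SHA256|SHA384)$"
)

def parse_suite(name: str) -> Suite:
    m = _NAME.match(name.strip())
    if m is None:
        raise ValueError(f"unrecognised ciphersuite name: {name!r}")
    kx, cert_alg, cipher, mode, digest = m.groups()
    aead = mode == "GCM"
    record_mac = "none (AEAD tag)" if aead else f"HMAC-{digest}"
    return Suite(kx, cert_alg, kx == "ECDHE", cipher, aead, record_mac, digest)

def without_forward_secrecy(names):
    """Return the suites whose key exchange is static ECDH."""
    return [n for n in names if not parse_suite(n).forward_secrecy]

# The eight names listed in the message, re-typed here as sample input.
PROPOSED = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for n in PROPOSED:
        s = parse_suite(n)
        print(f"{n}: fs={s.forward_secrecy} aead={s.aead} mac={s.record_mac}")
```
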
