Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
From: "Blumenthal, Uri" <uri at ll.mit.edu>
Date: Wed, 13 Feb 2008 08:49:26 -0500
Accept-language: en-US
Acceptlanguage: en-US
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20080213055158.GA8834 at tau.invalid>
List-archive: <http://www.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <B356D8F434D20B40A8CEDAEC305A1F24053F3C40 at esebe105.NOE.Nokia.com> <20080213055158.GA8834 at tau.invalid>
Sender: tls-bounces at ietf.org
Thread-index: AchuBLLvATUznUO5TX6ZEMfLxKSUQAAQj7Ig
Thread-topic: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac

And the point of mixing an RSA-based suite into an ECC-based draft would be..?   The idea is to move from RSA to ECC.

-----Original Message-----
From: tls-bounces at ietf.org [mailto:tls-bounces at ietf.org] On Behalf Of Bodo Moeller
Sent: Wednesday, February 13, 2008 12:52 AM
To: Pasi.Eronen at nokia.com
Cc: tls at ietf.org
Subject: Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac

On Tue, Feb 12, 2008 at 02:42:03PM +0200, Pasi.Eronen at nokia.com wrote:

> This message starts a WG last call on the following two drafts:
>
>   draft-ietf-tls-rsa-aes-gcm-02
>   draft-ietf-tls-ecc-new-mac-04
>
> prior to sending them to the IESG for publication as Proposed
> Standard (rsa-aes-gcm) and Informational (ecc-new-mac).
>
> Please send your comments to the WG mailing list by Wednesday
> March 5th. [...]

Given the form of rfc4346-bis that has now evolved, the ecc-new-mac
specification really should include ECDHE_RSA versions of the
ciphersuites that it specifies -- i.e., ciphersuites relying on RSA
for server authentication (since this is what the current base of
installed certificates mostly offers) but on ECDH for forward secrecy.

(Using the RFC 4492 ciphersuite for this purpose would mean using
the legacy TLS PRF.)

For sake of completeness, one might also want to add ECDH_RSA to the
picture.

So I don't really agree with draft-ietf-tls-ecc-new-mac-## unless the
following ciphersuites are added, since I wouldn't really like to see
yet another boring ciphersuite specification just to cover these:

       CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  = {0xXX,XX};
       CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  = {0xXX,XX};

       CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  = {0xXX,XX};
       CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  = {0xXX,XX};

... plus optionally:

       CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256   = {0xXX,XX};
       CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384   = {0xXX,XX};

       CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256   = {0xXX,XX};
       CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384   = {0xXX,XX};

, all with the obvious semantics.

Bodo

_______________________________________________
TLS mailing list
TLS at ietf.org
http://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS at ietf.org
http://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
  - From: Bodo Moeller

References:
- [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
  - From: Pasi.Eronen
- Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
  - From: Bodo Moeller

Prev by Date: Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
Next by Date: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport Layer Security (TLS) Protocol Version 1.2) to Proposed Standard
Previous by thread: Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
Next by thread: Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac
Index(es):
- Date
- Thread

Re: [TLS] WGLC for rsa-aes-gcm and ecc-new-mac

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.