Re: [TLS] draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question



[It looks like outgoing mail from the last few days has been going missing,
 this is a resend.  Apologies in case it did get out and you've seen it
 before...]

Alfred Hönes <ah at tr-sys.de> writes:

>During off-list discussions of the changes for the -01 version of draft-ietf-
>tls-psk-new-mac-aes-gcm, it became apparent that there's a certain degree of
>imbalance in the draft regarding the portfolio of combinations of
>AES-{128|256}  with  SHA-{256|384} .

Why is -384 in there at all [0]?  It's a major pain to implement on non-64-bit
processors and just adds to code bloat on everything else.  Why not just stick
with a single unified SHA-256 until SHA-3 comes along in a year or two and
renders them obsolete?

Peter.

[0] Yes, I know the theoretical cryptographic arguments, but there's no sign
    of either -256 or -384 being stronger or weaker until they're displaced by
    SHA-3 anyway.

