Re: [TLS] draft-ietf-tls-psk-new-mac-aes-gcm-01 : portfolio question

Eric Rescorla <ekr at networkresonance.com> writes:
>Peter Gutmann wrote:
>> Eric Rescorla <ekr at networkresonance.com> writes:
>>
>> >We've got a bunch of documents that specify SHA-256. I don't think it's
>> >somehow a feature to have an entirely parallel track of documents in some
>> >sandbox that only differ in that they specify SHA-384.
>>
>> I think it does.  For 15-odd years SSL/TLS got along with the universal-
>> standard MD5 and then SHA-1, and now it's added SHA-256.  Oh, and a bunch of
>> extra baggage that's been dragged along not for any good security reason but
>> just because it's in the same algorithm family.
>
>Peter you had your chance to complain about this back in June 2007, when 384
>was added--or for that matter you could have complained when RFC 5246 was in
>LC. I don't recall you doing so.

At the time I didn't know that other standards groups that use TLS were going
to be making such a mess of things (some get it right, e.g. IEC 68150 which
profiles a single cipher suite - although admittedly a somewhat odd choice -
but others require that you implement everything mentioned in the spec).  This
wasn't a request to retroactively change existing specs but a suggestion for
future work.  PKIX and the S/MIME group managed this too, and (IMHO) the
specs, and particularly the standards process, are the better off for it
because the ripple-update problem is no longer present.

>All new algorithms are optional unless specified otherwise. 

Maybe the spec could make this explicit then, there's nothing in there at the
moment that says this so there's no way for anyone reading the draft (who
hasn't seen your email to this list) to know this.  And even then I think
saying "We don't have to implement SHA-384 because ekr said so in a posting he
made to the TLS list" probably won't work too well in a debate over standards
conformance :-).

Peter.

PS: Apologies for some of the duplicate posts that may have turned up, our
    mail system had a slight hiccup earlier on.