Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC

To: Pasi.Eronen at nokia.com
Subject: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
From: Mohamad Badra <badra at isima.fr>
Date: Wed, 01 Oct 2008 16:48:34 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <1696498986EFEC4D9153717DA325CB7201C31635 at vaebe104.NOE.Nokia.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <48E0AD6A.3070705 at isima.fr> <1696498986EFEC4D9153717DA325CB7201C31635 at vaebe104.NOE.Nokia.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)

(sorry for the trouble in my last mail subject)

Dear Pasi,

> The contents of the draft have changed quite a bit since version -02
> (which was posted just before the Dublin meeting), and I have some
> comments about the changes:

In fact, we discussed adding SHA256 and SHA348 to the document to avoidpublishing several seperated documents; and if I recall well, yourrecommendation was to do that in one single document. If the groupdoesn't agree with this change, I will post the old version.


> It's a bit surprising that e.g. TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
> when negotiated in TLS 1.2, would use the TLS PRF with SHA-1 as the
> hash function. Note that e.g. TLS_DHE_PSK_WITH_AES_128_CBC_SHA (from
> RFC 4279) would in this situation use the TLS PRF with SHA-256.

In this case, I would know where I can read that cipher suites describedin RFC 4492, when negotiated in TLS 1.2, will use the TLS PRF withSHA-256. Do you refer to Section 5 of TLS 1.2?


The same for TLS_DHE_PSK_WITH_AES_128_CBC_SHA.

>
> My suggestion would be to say that all these cipher suites can be
> negotiated with any TLS version; when used with TLS <1.2, they use
> the PRF from that version; when used with TLS >=1.2, they use the
> TLS PRF with SHA-256 or SHA-384. (In other words: they'd work the
> same way as the cipher suites in RFC 4492/4279/4785.)
>
> This change would probably allow us to remove the SHA-1 suites
> completely.

With regard to version 2 of the document, only SHA-1 suites aredescribed. So why we need to do this step?


> Also, while I can understand combining AES-128 with
> SHA-256, and AES-256 with SHA-384, I'm not sure why we need to
> combine NULL encryption with three different MACs...
>

In the case we are going to remove the SHA-1 suites with NULLencryption, only 2 combinations will be available (if we keep the logicof moving away from SHA-1 and towards stronger hash algorithms, as RFC5288 and 5289 do).


Best regards,
Badra

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
  - From: Pasi.Eronen

References:
- [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
  - From: Mohamad Badra
- Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
  - From: Pasi.Eronen

Prev by Date: [TLS] RE: New version of draft-ietf-tlRE: New version of draft-ietf-tls-ecdhe-psk aftRE: New version of draft-ietf-tls-ecdhe-psk after the WGLC
Next by Date: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
Previous by thread: [TLS] RE: New version of draft-ietf-tlRE: New version of draft-ietf-tls-ecdhe-psk aftRE: New version of draft-ietf-tls-ecdhe-psk after the WGLC
Next by thread: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
Index(es):
- Date
- Thread

Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.