Re: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation

To: <ah at tr-sys.de>, <tls at ietf.org>
Subject: Re: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation
From: <Pasi.Eronen at nokia.com>
Date: Thu, 23 Oct 2008 15:30:56 +0300
Delivered-to: ietfarch-tls-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <200810212025.WAA27724 at TR-Sys.de>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200810212025.WAA27724 at TR-Sys.de>
Sender: tls-bounces at ietf.org
Thread-index: Ackzu1swh/ovcJKCTZutueHKhXgitABT4fhg
Thread-topic: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation

Alfred HÎnes wrote:

> Thus, a couple of questions arises:
> 
> -  Do we need MAC truncation for the SHA-2 family based HMACs?
> 
> -  If yes, is truncation to 80 bits appropriate?
> 
> -  Or should the extension be expanded to allow specification of
>    the truncation lenght?
>    (Compatibility issues?)
> 
> -  Or do we need a complementary extension that allows the
>    explicit specification of the truncation lenght?

Given how much real-world use this extension has seen (as far as 
I know, none), I don't think adding functionality to it would be very 
useful.

> -  Should the applicability of the Truncated (H)MAC extension be
>    restricted to cipher suites using HMAC-MD5 od HMAC-SHA1 ?

Why?

> -  Should the applicability be clearly restricted to cipher
>    suites using HMAC, excluding all AEAD cipher suites and/or
>    future cipher suites using other MACs (e.g., SIV) ?

The applicability is already restricted to cipher suites using HMAC
("Note that if new cipher suites are added that do not use HMAC, and
the session negotiates one of these cipher suites, this extension will
have no effect.") -- what are you proposing to change?

Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation
  - From: Alfred Hönes

Prev by Date: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Next by Date: Re: [TLS] rfc4366-bis-03 Discuss #2: hash alg. agility for TrustedCA?
Previous by thread: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation
Next by thread: [TLS] New Version Notification - draft-rescorla-tls-suiteb-09.txt
Index(es):
- Date
- Thread

Re: [TLS] rfc4366-bis-03 Discuss #3: Applicability of MAC Truncation

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.