[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TLS] Issue 66: HMAC-256 based ciphersuites

To: tls@xxxxxxxx
Subject: [TLS] Issue 66: HMAC-256 based ciphersuites
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 31 Dec 2007 14:49:41 -0800
Cc:
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

Someone, I can't remember who, suggested that we add
HMAC-SHA256-based ciphersuites (i.e., ones that use it as a message
MAC) directly in TLS 1.2. I'm waffling as to whether it's a good
idea.

Arguments for:

- We made it the default for the PRF.
- It's weird to to to all this trouble and not define them.


Arguments against:
- There's nothing known wrong with HMAC-SHA1
- This revision is about flexibility, not actually adding new
  digests.

Comments?

-Ekr


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Issue 66: HMAC-256 based ciphersuites
  - From: Nikos Mavrogiannopoulos
- Re: [TLS] Issue 66: HMAC-256 based ciphersuites
  - From: Blumenthal, Uri

Prev by Date: Re: [TLS] Status of IDEA
Next by Date: Re: [TLS] Issue 66: HMAC-256 based ciphersuites
Previous by thread: [TLS] Certificate alert severity
Next by thread: Re: [TLS] Issue 66: HMAC-256 based ciphersuites
Index(es):
- Date
- Thread