
RE: [TLS] Issue 66: HMAC-256 based ciphersuites



I agree with Uri that adding SHA256-based suites is reasonable (and
also agree with Ekr's argument, "It's weird to go to all this trouble
and not define them"). And having them in the main 1.2 spec would be
simpler than a separate spec.

To be concrete, I'd suggest adding the following:

TLS_RSA_WITH_AES_128_CBC_SHA256   
TLS_DH_DSS_WITH_AES_128_CBC_SHA256
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256   
TLS_DH_DSS_WITH_AES_256_CBC_SHA256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA256

(or would 256-bit AES be enough?)

Best regards,
Pasi

> -----Original Message-----
> From: ext Blumenthal, Uri [mailto:uri@xxxxxxxxxx] 
> Sent: 01 January, 2008 03:43
> To: tls@xxxxxxxx
> Subject: Re: [TLS] Issue 66: HMAC-256 based ciphersuites
> 
> 
> I am for adding SHA256-based suites. We want to phase SHA1 out and
> phase its probable replacement in.
> 
> SHA1 did exhibit some weaknesses, and we hardly want to wait and see
> whether they will turn into exploits some day.
> 
> 
> On 12/31/07 5:49 PM, "Eric Rescorla" <ekr@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> > Someone, I can't remember who, suggested that we add
> > HMAC-SHA256-based ciphersuites (i.e., ones that use it as a message
> > MAC) directly in TLS 1.2. I'm waffling as to whether it's a good
> > idea.
> > 
> > Arguments for:
> > 
> > - We made it the default for the PRF.
> > - It's weird to go to all this trouble and not define them.
> > 
> > 
> > Arguments against:
> > - There's nothing known wrong with HMAC-SHA1
> > - This revision is about flexibility, not actually adding new
> >   digests.
> > 
> > Comments?
> > 
> > -Ekr


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
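
Added example, not part of the thread or of any TLS implementation: what "using it as a message MAC" changes at the record layer, computing the TLS 1.2 record MAC (RFC 5246, section 6.2.3.1) under a `_SHA` suite and under one of the `_SHA256` suites proposed above. The keys, sequence number and fragment are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Record MAC hash selected by the last component of the suite name.
MAC_BY_SUFFIX = {"SHA": hashlib.sha1, "SHA256": hashlib.sha256}

TLS12 = (3, 3)            # ProtocolVersion for TLS 1.2
APPLICATION_DATA = 23     # ContentType


def mac_for_suite(suite):
    """Return the hashlib constructor used for the record MAC of a CBC suite."""
    return MAC_BY_SUFFIX[suite.rsplit("_", 1)[1]]


def record_mac(suite, mac_key, seq_num, content_type, version, fragment):
    """HMAC(mac_key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, mac_for_suite(suite)).digest()


def verify_record(suite, mac_key, seq_num, content_type, version, fragment, tag):
    """Recompute the MAC and compare in constant time."""
    expected = record_mac(suite, mac_key, seq_num, content_type, version, fragment)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    fragment = b"constructed sample plaintext"   # constructed input
    for suite, key_len in (("TLS_RSA_WITH_AES_128_CBC_SHA", 20),
                           ("TLS_RSA_WITH_AES_128_CBC_SHA256", 32)):
        key = bytes(range(key_len))              # constructed MAC key
        tag = record_mac(suite, key, 1, APPLICATION_DATA, TLS12, fragment)
        # A replayed record carries the wrong implicit sequence number.
        replay_ok = verify_record(suite, key, 2, APPLICATION_DATA, TLS12,
                                  fragment, tag)
        print(f"{suite}: {len(tag)}-byte tag, replay accepted: {replay_ok}")
```

The larger tag adds 12 bytes to every record before CBC padding, which is the per-record cost of the SHA256 suites relative to their SHA counterparts.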