[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TLS] Re: SIV as WG item?

To: <Pasi.Eronen@xxxxxxxxx>
Subject: [TLS] Re: SIV as WG item?
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Thu, 10 Jan 2008 15:41:09 +0100
Cc: tls@xxxxxxxx
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F24051748FC@xxxxxxxxxxxxxxxxxxxxxx> (Pasi Eronen's message of "Thu, 10 Jan 2008 14:44:39 +0200")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <B356D8F434D20B40A8CEDAEC305A1F24051748FC@xxxxxxxxxxxxxxxxxxxxxx>
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

<Pasi.Eronen@xxxxxxxxx> writes:

> Dan Harkins already asked people to comment draft-harkins-tls-rsa-
> aes-siv, but I'd like to repeat the request officially, as the
> document is being proposed for WG item.
>
> In particular, please provide comments not only the technical details,
> but whether you think this is useful; should it be done as WG item or
> individual document; and whether you're willing to work on this
> document.

Generally speaking, I believe the crypto community will produce several
AEAD cipher modes with rather different properties (speed, IV-use,
provable security, patent status, and so on).

Having all those ciphers defined for TLS is an advantage, to allow
interoperable testing.  What is less clear at this point is which of the
alternatives to prefer.  I'm not sure a Standards Track status for any
of them (including GCM) is appropriate at this time.  There is nothing
proven wrong with our existing standard ciphers as far as I know.
Replacing working standards ciphers without a good technical reason
seems wrong to me.

Thus, right now, I think I would prefer to publish all AEAD ciphersuites
for TLS as informational or experimental documents, and wait until one
(or more) of them are implemented and used more widely.  I believe it is
better to develop all these ciphers as WG items, to make sure they are
defined in a correct and consistent way.

I may be missing some convincing reason why an AEAD cipher for TLS needs
to have standards track status, and if so, I would re-consider this
position.

/Simon

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- [TLS] RE: SIV as WG item?
  - From: Pasi.Eronen

References:
- [TLS] SIV as WG item?
  - From: Pasi.Eronen

Prev by Date: [TLS] Re: ECDHE_PSK as WG item?
Next by Date: Your order approved
Previous by thread: [TLS] SIV as WG item?
Next by thread: [TLS] RE: SIV as WG item?
Index(es):
- Date
- Thread