List: ietf-tls
Subject: [TLS] TLS 1.3 (Re: TLS at IETF 88)
From: Michael D'Errico <mike-list () pobox ! com>
Date: 2013-10-30 15:49:00
Message-ID: 52712A6C.4050306 () pobox ! com
Paul Hoffman wrote:
> On Oct 29, 2013, at 11:16 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote:
>
>> The TLS working group will meet at IETF 88
>> Tuesday, November 5, 2013 from 1610 to 1840 PST
>>
>> The latest Agenda can be found here: https://datatracker.ietf.org/meeting/88/agenda/tls/
>
> So we can come prepared: What will the topics for the hour of "TLS 1.3" be?
I won't be at the meeting, but the one change I'd like to see in TLS 1.3
is a separation of cipher suites into two parts - authentication mechanism
and encryption/mac algorithms. There are currently only 21 authentication
mechanisms defined:
DH_anon
DH_DSS
DH_RSA
DHE_DSS
DHE_PSK
DHE_RSA
ECDH_anon
ECDH_ECDSA
ECDH_RSA
ECDHE_ECDSA
ECDHE_PSK
ECDHE_RSA
KRB5
PSK
PSK_DHE
RSA
RSA_PSK
SRP_SHA
SRP_SHA_DSS
SRP_SHA_RSA
and 31 combinations of encryption algorithm and MAC:
3DES_EDE_CBC_MD5
3DES_EDE_CBC_SHA
AES_128_CBC_SHA
AES_128_CBC_SHA256
AES_128_CCM
AES_128_CCM_8
AES_128_GCM_SHA256
AES_256_CBC_SHA
AES_256_CBC_SHA256
AES_256_CBC_SHA384
AES_256_CCM
AES_256_CCM_8
AES_256_GCM_SHA384
ARIA_128_CBC_SHA256
ARIA_128_GCM_SHA256
ARIA_256_CBC_SHA384
ARIA_256_GCM_SHA384
CAMELLIA_128_CBC_SHA
CAMELLIA_128_CBC_SHA256
CAMELLIA_128_GCM_SHA256
CAMELLIA_256_CBC_SHA
CAMELLIA_256_CBC_SHA256
CAMELLIA_256_CBC_SHA384
CAMELLIA_256_GCM_SHA384
NULL_MD5
NULL_SHA
NULL_SHA256
NULL_SHA384
RC4_128_MD5
RC4_128_SHA
SEED_CBC_SHA
Thus there could be 31 x 20 = 620 usable cipher suites, but we have only
defined 286 of the possible combinations.
Less-supported authentication mechanisms tend to have fewer options
available to them. For example SRP is usable only with 3DES and AES_CBC
at present since those are the only defined suites. Separating cipher
suites into two values would allow any encryption/mac combo to be used
with any authentication mechanism.
I've noticed that there is current interest in adding more encryption
algorithms (e.g. Salsa, Chacha) and MACs (UMAC, VMAC, Poly1305) to TLS.
It seems to me that there'd be great value in only having to define a
single code point for each encryption/mac combination and having them
become immediately available for use with any authentication mechanism.
Mike
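The combinatorial point Mike makes above can be shown with a small script. The following is an added example for this thread, not code from the original post or from any TLS implementation: it parses `TLS_<auth>_WITH_<enc_mac>` names into their two halves, counts how sparsely the registered names cover the auth x enc/mac cross product, and contrasts today's combined-suite negotiation with the split negotiation proposed in the mail. The registry list is a constructed, hand-picked subset of real IANA names (plus one signalling value), so its totals are illustrative and not the 286/620 quoted above; the `negotiate_split` wire format is a hypothetical sketch of the proposal, not a specified protocol.

```python
"""Cipher-suite names as two values: parser, coverage matrix and negotiation.

Added example for this thread, not code from the original post. The suite list
is a constructed subset of real IANA names, so totals differ from 286/620."""

from itertools import product

# Constructed sample registry: real IANA spellings, hand-picked, including one
# signalling value (an SCSV) that is not a cipher suite at all.
SAMPLE_REGISTRY = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
    "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
    "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_RC4_128_MD5",
    "TLS_PSK_WITH_AES_128_CBC_SHA",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]


def split_suite(name):
    """Return (auth, enc_mac) for a 'TLS_<auth>_WITH_<enc_mac>' name, or None
    for names without the separator (SCSVs and other signalling values)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return None
    auth, enc_mac = name[len("TLS_"):].split("_WITH_", 1)
    return auth, enc_mac


def coverage(registry):
    """Summarise the auth x enc/mac matrix implied by a list of suite names."""
    pairs = {p for p in map(split_suite, registry) if p is not None}
    auths = sorted({a for a, _ in pairs})
    enc_macs = sorted({e for _, e in pairs})
    missing = [(a, e) for a, e in product(auths, enc_macs) if (a, e) not in pairs]
    return {
        "auths": auths,
        "enc_macs": enc_macs,
        "defined": len(pairs),
        "possible": len(auths) * len(enc_macs),
        "missing": missing,
    }


def offerable_suites(auths, enc_macs, registry):
    """Under today's scheme a peer can only offer registered names whose two
    halves it implements; an implemented pair without a code point is unusable."""
    offer = []
    for name in registry:
        parts = split_suite(name)
        if parts is not None and parts[0] in auths and parts[1] in enc_macs:
            offer.append(name)
    return offer


def negotiate_combined(client_suites, server_suites):
    """Classic negotiation: the first client suite the server also supports."""
    server = set(server_suites)
    return next((s for s in client_suites if s in server), None)


def negotiate_split(client, server):
    """Proposed (hypothetical) negotiation: auth and enc/mac are chosen
    independently, each in client preference order, so any implemented
    pair is usable without a dedicated code point."""
    auth = next((a for a in client["auth"] if a in server["auth"]), None)
    enc = next((e for e in client["enc_mac"] if e in server["enc_mac"]), None)
    return None if auth is None or enc is None else (auth, enc)


def demo(registry=SAMPLE_REGISTRY):
    """Both peers implement SRP_SHA with AES-GCM, but no registered name
    combines them: combined negotiation fails, split negotiation succeeds."""
    client = {"auth": ["SRP_SHA", "RSA"],
              "enc_mac": ["AES_128_GCM_SHA256", "AES_128_CBC_SHA"]}
    server = {"auth": ["SRP_SHA"], "enc_mac": ["AES_128_GCM_SHA256"]}  # CBC disabled
    combined = negotiate_combined(
        offerable_suites(client["auth"], client["enc_mac"], registry),
        offerable_suites(server["auth"], server["enc_mac"], registry))
    return {"combined": combined, "split": negotiate_split(client, server)}


if __name__ == "__main__":
    cov = coverage(SAMPLE_REGISTRY)
    print(f"{cov['defined']} of {cov['possible']} auth x enc/mac pairs registered")
    for auth, enc in cov["missing"]:
        print(f"  no code point for {auth} + {enc}")
    print(demo())
```

Running it lists the pairs with no code point in the sample registry (SRP_SHA with AES-GCM among them) and shows the negotiation outcome for a server that has disabled CBC: with combined suites the two peers find nothing in common even though they share an authentication mechanism and a cipher, while with two independently negotiated values they agree on SRP_SHA plus AES_128_GCM_SHA256.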