[146768] in cryptography@c2.net mail archive


Re: [Cryptography] Suite B after today's news

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Sep 7 16:42:17 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522B66A0.5040709@ralphholz.de>
Date: Sat, 7 Sep 2013 21:40:39 +0100
From: Ben Laurie <ben@links.org>
To: Ralph Holz <ralph-cryptometzger@ralphholz.de>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On 7 September 2013 18:47, Ralph Holz <ralph-cryptometzger@ralphholz.de> wrote:

> Hi,
>
> On 09/07/2013 12:50 AM, Peter Gutmann wrote:
>
> >> But for right now, what options do we have that are actually implemented
> >> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
> >> etc.), and I don't see any move towards TLS > 1.0.
> >
> > http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> > these, I just can't get any traction on it from the TLS WG chairs.  Maybe
>
> Exactly, precious little movement on that front. Sadly.
>
> BTW, I do not really agree with your argument it should be done via TLS
> extension. I think faster progress could be made by simply introducing
> new allowed cipher suites and letting the servers advertise them and
> client accept them - this possibly means bypassing IETF entirely. Or, to
> keep them in, do it in TLS 1.3. But do it fast, before people start
> using TLS 1.2.
>

I agree. But I think the ciphersuites should be backported to all previous
versions.


>
> I don't really see the explosion of cipher suite sets you give as a
> motivation - e.g. in SSH, where really no-one seems to use the
> standards, we have a total of 144 or so cipher suites found in our
> scans. Yet the thing works, because clients will just ignore the weird
> ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs
> at an unexpected suite name - but I don't think so.
>

Exactly.


>
> Ralph
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
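The point Ralph makes about suite negotiation (peers simply skip suite identifiers they do not recognise, so new suites can be introduced without breaking older implementations) can be made concrete. The following is an added example written for this archive page; it is not code from the thread, from OpenSSL, GnuTLS or NSS. It models the TLS 1.0-1.2 exchange, in which the client lists cipher suites in its ClientHello and the server picks one from that list in its own preference order. The suite code points used for the named suites are the IANA-assigned values; 0xFF01 is a private-use code point chosen here to stand in for a "weird" suite one side does not know, and the server preference lists are constructed for the example.

```python
import struct

# Constructed registry for the example: a few IANA TLS cipher suite code
# points plus one private-use value (0xFF01) standing in for a suite this
# implementation has never heard of.
KNOWN_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}

# A hypothetical older server that predates the GCM suites entirely.
OLD_SERVER_KNOWN = {c: n for c, n in KNOWN_SUITES.items() if c not in (0xC02F, 0x009C)}


def encode_cipher_suites(codes):
    """Encode suite codes as a TLS cipher_suites vector: a 2-byte big-endian
    length followed by one 2-byte code per suite (the RFC 5246 wire layout)."""
    body = b"".join(struct.pack("!H", c) for c in codes)
    return struct.pack("!H", len(body)) + body


def parse_cipher_suites(vec):
    """Parse a cipher_suites vector into a list of 16-bit codes.

    Unknown code points are returned untouched: recognising them is the
    caller's job. Only a structurally malformed vector (truncated, empty,
    or odd length) is rejected."""
    if len(vec) < 2:
        raise ValueError("truncated cipher_suites length prefix")
    (length,) = struct.unpack("!H", vec[:2])
    body = vec[2:2 + length]
    if len(body) != length or length == 0 or length % 2 != 0:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]


def is_malformed(vec):
    """True if parse_cipher_suites() rejects the vector."""
    try:
        parse_cipher_suites(vec)
        return False
    except ValueError:
        return True


def select_suite(offered, server_preference, known=KNOWN_SUITES):
    """Server-side choice: walk the server's preference list and return the
    first suite the client also offered. Codes the server does not know are
    skipped, never treated as a handshake error; None means no overlap."""
    offered_known = {c for c in offered if c in known}
    for c in server_preference:
        if c in offered_known:
            return c
    return None


def negotiate(client_hello_vec, server_preference, known=KNOWN_SUITES):
    """Full path: decode the client's vector, then select. Returns the
    chosen code and its name (or None) so callers can see what happened."""
    chosen = select_suite(parse_cipher_suites(client_hello_vec), server_preference, known)
    return chosen, (known.get(chosen) if chosen is not None else None)


if __name__ == "__main__":
    # Constructed client offer: a brand-new suite nobody knows, then GCM,
    # then CBC, then RC4 as a last resort.
    offer = encode_cipher_suites([0xFF01, 0xC02F, 0xC013, 0x0005])
    modern_prefs = [0xC02F, 0xC013, 0x002F]  # RC4 deliberately not preferred
    print("modern server:", negotiate(offer, modern_prefs))
    print("old server:   ", negotiate(offer, [0xC013, 0x002F], OLD_SERVER_KNOWN))
```

Running the block shows the behaviour the thread relies on: the modern server picks the GCM suite, the old server never sees 0xC02F or 0xFF01 as anything but noise and falls through to its CBC suite, and in neither case does the unknown identifier abort the handshake. The parser is deliberately strict about structure (length prefix, even length) while being lenient about semantics (unknown codes), which is the split a defender wants: malformed input is rejected early, while forward-compatible extension stays possible.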


