
Re: Last Call: <draft-salter-rfc5430bis-01.txt> (Suite B Profile for Transport Layer Security (TLS)) to Informational RFC

2011-10-03 16:28:22
On 10/03/2011 10:55 PM, The IESG wrote:

The IESG has received a request from an individual submitter to consider
the following document:
- 'Suite B Profile for Transport Layer Security (TLS)'
   <draft-salter-rfc5430bis-01.txt>  as an Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2011-10-31. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

A comment on this draft is that it might be misleading on the security levels it claims. It mentions:
  "The Fact Sheet on Suite B Cryptography requires key establishment and
   authentication algorithms based on Elliptic Curve Cryptography and
   encryption using AES [AES].  Suite B algorithms are defined to
   support two minimum levels of security: 128 and 192 bits."

However, the (D)TLS Finished message is protected by a 96-bit MAC, thus an attacker that can break a 96-bit MAC can manipulate the TLS handshake in any way he desires (TLS version rollback, removal of extensions and possibly more). IMO this disqualifies the proposed ciphersuites from claiming more than 96 bits of security.

regards,
Nikos
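The 96-bit figure in the message above can be checked directly. This is an added example, not part of the original e-mail or of the draft: it computes the TLS 1.2 Finished verify_data as defined in RFC 5246 (sections 5 and 7.4.9) with the SHA-256 and SHA-384 PRFs. It assumes the suites keep the RFC 5246 default verify_data_length of 12 bytes; the master secret and handshake transcript are constructed sample values.

```python
import hashlib
import hmac

VERIFY_DATA_LENGTH = 12  # bytes; RFC 5246 default when a suite does not override it


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion from RFC 5246 section 5 (HMAC-based)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]


def finished_verify_data(hash_name, master_secret, label, transcript):
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    handshake_hash = hashlib.new(hash_name, transcript).digest()
    return p_hash(hash_name, master_secret, label + handshake_hash, VERIFY_DATA_LENGTH)


def finished_bits_by_prf():
    """Return the Finished tag size in bits for each PRF hash."""
    master_secret = bytes(range(48))                        # constructed 48-byte secret
    transcript = b"constructed handshake messages, v=TLS1.2"  # constructed transcript
    sizes = {}
    for hash_name in ("sha256", "sha384"):
        tag = finished_verify_data(hash_name, master_secret, b"client finished", transcript)
        sizes[hash_name] = len(tag) * 8
    return sizes


def transcript_is_bound(hash_name="sha384"):
    """A changed transcript (e.g. an altered version field) yields a different tag."""
    master_secret = bytes(range(48))
    honest = finished_verify_data(hash_name, master_secret, b"client finished",
                                  b"constructed handshake messages, v=TLS1.2")
    altered = finished_verify_data(hash_name, master_secret, b"client finished",
                                   b"constructed handshake messages, v=TLS1.0")
    return not hmac.compare_digest(honest, altered)


if __name__ == "__main__":
    print(finished_bits_by_prf())
    print(transcript_is_bound())
```

The tag length is the same for both PRF hashes because the PRF output is truncated to verify_data_length regardless of the hash's digest size.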