Re: [TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-31 Thread Salz, Rich
> IIRC, this was intentional: make it easy to get a code point so people
> don't squat on them, but have IANA maintain a list of "recommended" ciphers, as
> shown in the catalog here:

IANA maintains the list, under the direction of the designated experts, but 
whether or not something is recommended comes from the TLS group, not either of 
the first two. Which is good, you don’t want recommendations coming from 
(currently) just three people.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-31 Thread Kyle Rose
On Fri, Dec 31, 2021 at 11:24 AM tom.ripe wrote:

>
> > I'd oppose any specification of new cipher suites without a good
> > justification, and I think this is an opinion many here share.
>
> And I just see an I-D for AEGIS-128L and AEGIS-256, albeit not for TLS.
>   There seems to be no limit to new algorithms!
>

IIRC, this was intentional: make it easy to get a code point so people
don't squat on them, but have IANA maintain a list of "recommended"
ciphers, as shown in the catalog here:

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Kyle


Re: [TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-31 Thread tom.ripe

On 30/12/2021 09:22, Hanno Böck wrote:

> On Thu, 30 Dec 2021 15:56:02 +0800
> M K Saravanan wrote:
>
> > Does anyone know whether any ECDHE based cipher suites were added for
> > SEED for TLS?
>
> I don't know what the background for this request is, but I'd like to
> point out that we had similar discussions in the past about obscure
> ciphers (look for brainpool curves) in the past.
>
> This is my personal opinion, but I think it is widely shared among many
> in the community:
> It used to be that the TLS community valued supporting as many ciphers
> as possible. But this has more or less ended with TLS 1.3, which is
> part of a larger realization in IT security that unnecessary complexity
> is usually bad and should be avoided.
> Instead the trend is to support a small set of algorithms that are
> generally considered "okay-ish" (there are always minor ups and downs
> of certain cipher choices) and leave it with that and not seek to
> support a wide variety of algorithms.
>
> I'd oppose any specification of new cipher suites without a good
> justification, and I think this is an opinion many here share.

And I just see an I-D for AEGIS-128L and AEGIS-256, albeit not for TLS.
There seems to be no limit to new algorithms!


Tom Petch







Re: [TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-30 Thread Hanno Böck
On Thu, 30 Dec 2021 15:56:02 +0800
M K Saravanan wrote:

> Does anyone know whether any ECDHE based cipher suites were added for
> SEED for TLS?

I don't know what the background for this request is, but I'd like to
point out that we had similar discussions in the past about obscure
ciphers (look for brainpool curves) in the past.

This is my personal opinion, but I think it is widely shared among many
in the community:
It used to be that the TLS community valued supporting as many ciphers
as possible. But this has more or less ended with TLS 1.3, which is
part of a larger realization in IT security that unnecessary complexity
is usually bad and should be avoided.
Instead the trend is to support a small set of algorithms that are
generally considered "okay-ish" (there are always minor ups and downs
of certain cipher choices) and leave it with that and not seek to
support a wide variety of algorithms.

I'd oppose any specification of new cipher suites without a good
justification, and I think this is an opinion many here share.

-- 
Hanno Böck
https://hboeck.de/



Re: [TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-30 Thread Ilari Liusvaara
On Thu, Dec 30, 2021 at 03:56:02PM +0800, M K Saravanan wrote:
> 
> https://datatracker.ietf.org/doc/html/rfc4162#section-3.3 says the
> following SEED cipher suites are supported for TLS:
> 
> Does anyone know whether any ECDHE based cipher suites were added for
> SEED for TLS?

No, those have not been added. The actual registry is at:

https://www.iana.org/assignments/tls-parameters/tls-parameters.txt

There are no cipher suites with both ECDHE and SEED (or cipher suite
for SEED in TLS 1.3). My guess is that this is because SEED has
essentially been obsoleted by ARIA.

For ARIA, one can find TLS 1.2 cipher suites with ECDHE and AEAD.
Although there are no cipher suites for TLS 1.3, so ARIA cannot be used
in TLS 1.3 either.


-Ilari 
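
The registry lookup described in the message above, as an added example that is not part of the original thread: it splits cipher suite names into key exchange and cipher so the question "is there an ECDHE suite for SEED or ARIA?" becomes a query. The sample rows are a constructed excerpt, the column names `Value`, `Description` and `Recommended` are assumed to match the IANA table, and `parse_suite` and `find_suites` are hypothetical helper names.

```python
import csv
import io

# Constructed excerpt using the column names of the IANA cipher suite table.
# The SEED rows are RFC 4162 code points quoted in this thread.
SAMPLE_REGISTRY = '''Value,Description,Recommended
"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3,
"0x00,0x96",TLS_RSA_WITH_SEED_CBC_SHA,N
"0x00,0x9A",TLS_DHE_RSA_WITH_SEED_CBC_SHA,N
"0x13,0x01",TLS_AES_128_GCM_SHA256,Y
"0xC0,0x2F",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,Y
"0xC0,0x4C",TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,N
"0xC0,0x60",TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,N
'''

AEAD_MARKERS = ("GCM", "CCM", "POLY1305")


def parse_suite(name):
    """Return (key_exchange, cipher, is_aead), or None for non-suite rows."""
    if not name.startswith("TLS_") or name.endswith("_SCSV"):
        return None  # reserved/unassigned ranges and signalling values
    body = name[len("TLS_"):]
    if "_WITH_" in body:  # TLS 1.2 and earlier: TLS_<kx>_WITH_<cipher>_<mac>
        kx, rest = body.split("_WITH_", 1)
    else:  # TLS 1.3 names carry no key exchange: TLS_<aead>_<hash>
        kx, rest = "TLS1.3", body
    tokens = rest.split("_")
    return kx, tokens[0], any(t in AEAD_MARKERS for t in tokens)


def find_suites(registry_csv, kx_prefix, cipher, aead_only=False):
    """List (value, name, recommended) rows matching key exchange and cipher."""
    hits = []
    for row in csv.DictReader(io.StringIO(registry_csv)):
        parsed = parse_suite(row["Description"])
        if parsed is None:
            continue
        kx, suite_cipher, is_aead = parsed
        if kx.startswith(kx_prefix) and suite_cipher == cipher:
            if is_aead or not aead_only:
                hits.append((row["Value"], row["Description"], row["Recommended"]))
    return hits


if __name__ == "__main__":
    for query in [("ECDHE", "SEED"), ("ECDHE", "ARIA"), ("TLS1.3", "ARIA")]:
        print(query, find_suites(SAMPLE_REGISTRY, *query))
```

Run against the full registry text instead of the sample, the same queries also expose the `Recommended` column discussed elsewhere in the thread.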



[TLS] Does TLS support ECDHE based SEED cipher suites?

2021-12-29 Thread M K Saravanan
Hi,

https://datatracker.ietf.org/doc/html/rfc4162#section-3.3 says the
following SEED cipher suites are supported for TLS:



  CipherSuite TLS_RSA_WITH_SEED_CBC_SHA  = { 0x00, 0x96};
  CipherSuite TLS_DH_DSS_WITH_SEED_CBC_SHA   = { 0x00, 0x97};
  CipherSuite TLS_DH_RSA_WITH_SEED_CBC_SHA   = { 0x00, 0x98};
  CipherSuite TLS_DHE_DSS_WITH_SEED_CBC_SHA  = { 0x00, 0x99};
  CipherSuite TLS_DHE_RSA_WITH_SEED_CBC_SHA  = { 0x00, 0x9A};
  CipherSuite TLS_DH_anon_WITH_SEED_CBC_SHA  = { 0x00, 0x9B};

Does anyone know whether any ECDHE based cipher suites were added for
SEED for TLS?


with regards,
Saravanan
