Peter Saint-Andre <[email protected]> writes:

>On 6/25/22 6:20 PM, Peter Gutmann wrote:
>> Yaron Sheffer <[email protected]> writes:
>>
>>> This revision addresses Ben's SecDir review, as well as several other
>>> reviewers' comments. Thank you all!
>>
>> It doesn't have anything about EtM as per the recent discussion though...
>
>The conclusion of that discussion wasn't clear to me. Because none of the
>recommended ciphersuites have distinct encrypt and MAC operations, encrypt-
>then-MAC can't be anchored to the ciphersuite recommendations we currently
>make. Can you propose text?

The draft recommends only GCM suites (and nothing else) which many embedded
implementations don't support, so it's a bit of an ostrich-algorithm approach
to the issue... one approach would be to add:

* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and EtM
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 and EtM
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and EtM
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 and EtM

Alternatively, I can create some text to say "if you use CBC then you MUST use
EtM", but it doesn't solve the problem of having only GCM as a recommended
algorithm, so I think adding CBC+EtM suites alongside GCM ones would be a
better fix.

Peter.
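
Added example, not part of the original message or of the draft: one way a client-side check could enforce the "if you use CBC then you MUST use EtM" rule for the four suites listed above, by reading the selected suite and the encrypt_then_mac extension (RFC 7366, type 22) from a TLS 1.2 ServerHello. The function names are hypothetical, the input is assumed to be the ServerHello body with the handshake header already stripped, and the sample messages are constructed.

```python
import struct

# The four CBC suites proposed in the message, keyed by IANA code point.
CBC_SUITES = {
    0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
}
EXT_ENCRYPT_THEN_MAC = 22  # encrypt_then_mac extension type (RFC 7366)


def parse_server_hello(body):
    """Return (cipher_suite, set of extension types) from a TLS 1.2 ServerHello body."""
    pos = 2 + 32                       # skip server_version and random
    pos += 1 + body[pos]               # skip length-prefixed session_id
    (suite,) = struct.unpack_from("!H", body, pos)
    pos += 2 + 1                       # cipher_suite, compression_method
    exts = set()
    if pos < len(body):                # the extensions block is optional
        (total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + total
        if end > len(body):
            raise ValueError("extensions block longer than message")
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            exts.add(ext_type)
            pos += 4 + ext_len
        if pos != end:
            raise ValueError("extension overruns extensions block")
    return suite, exts


def cbc_without_etm(body):
    """True when the server chose one of the listed CBC suites but did not echo EtM."""
    suite, exts = parse_server_hello(body)
    return suite in CBC_SUITES and EXT_ENCRYPT_THEN_MAC not in exts


def build_server_hello(suite, ext_types):
    """Constructed sample input: zero random, empty session_id, empty extension data."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    return (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite)
            + b"\x00" + struct.pack("!H", len(exts)) + exts)
```

A client applying the rule would abort the handshake when `cbc_without_etm` returns True; GCM suites pass through because they have no separate MAC step for EtM to reorder.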
