Yes, my fault.

From: Quynh Dang <quyn...@gmail.com>
Date: Monday 12 October 2015 19:02
To: John Mattsson2 <john.matts...@ericsson.com>
Cc: "TLS@ietf.org" <TLS@ietf.org>, Sean Turner <s...@sn3rd.com>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security


Hi John,

SHA-384 in the ciphersuite is the hash function to be used in HMAC, not 
signatures, and the security of this HMAC depends on the strength of the HMAC 
key and the tag size.

Regards,
Quynh.

On Oct 12, 2015 12:50 PM, "John Mattsson" <john.matts...@ericsson.com> wrote:
The statement in [1] is about AES, and is very true. AES-192 is very seldom
used, and people tend to jump directly to AES-256.

For ECC curves, the opposite is true, people tend to use P-384 instead of
P-521. Most likely because P-384 is used in Suite B. According to
[2], Google Chrome recently dropped support of P-521.

[2] https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility



The security level of the AES_256_GCM_SHA384-algorithms is clearly no more
than 192 as SHA-384 is used.

On 12/10/15 15:18, "Sean Turner" <s...@sn3rd.com> wrote:

>It is interesting to note that in discussing the update of IPSec’s RFC 4307
>somebody suggested making 192 a MAY because folks only use 128/256 [1].
>
>spt
>
>[1] http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE
>
>On Oct 12, 2015, at 05:01, John Mattsson <john.matts...@ericsson.com>
>wrote:
>
>> I think the selection of MTI Cipher Suites (Section 8.1 of
>>draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended
>>ECC curve for the “SHOULD” cipher suites. Little benefit of using
>>AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement
>>ECC curve giving at least 192-bit security? E.g.
>>
>> "These cipher suites SHOULD support both digital signatures and key
>>exchange with secp384r1 (NIST P-384)."
>>
>> Cheers,
>> John
>>
>> JOHN MATTSSON
>> MSc Engineering Physics, MSc Business Administration and Economics
>> Ericsson IETF Security Coordinator
>> Senior Researcher, Security
>>
>> Ericsson AB
>> Ericsson Research
>> Färögatan 6
>> SE-164 80 Stockholm, Sweden
>> Phone +46 10 71 43 501
>> SMS/MMS +46 76 11 53 501
>> john.matts...@ericsson.com
>> www.ericsson.com
>>
>> This Communication is Confidential. We only send and receive email on
>>the basis of the terms set out at www.ericsson.com/email_disclaimer
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
