On Wed, May 24, 2017 at 1:13 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 25 May 2017 at 00:04, Daniel Migault <daniel.miga...@ericsson.com> > wrote: > > > B) It is not true as TLS1.3 enables these cipher suites to be negotiated > > with TLS1.3. > > You can't negotiate the new suites with 1.3, but you can offer them in > case the server picks 1.2. > > Joe's proposal fixes this and other errors. > > > >> You don't anywhere state that TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 > >> means to use AEAD_AES_128_GCM (and the same for the other > >> ciphersuites). I mention this because the order in which the AEAD > >> algorithms are mentioned is different to the order of the ciphersuites > >> in the list. > >> > > > > Unless I miss your comment, I believe the section 3 already addresses > it. If > > not please let me knoe what text you would like to see. > > > > """ > > 3. ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites > > > > The cipher suites defined in this document are based on the AES-GCM > > and AES-CCM Authenticated Encryption with Associated Data (AEAD) > > algorithms AEAD_AES_128_GCM, AEAD_AES_256_GCM and AEAD_AES_128_CCM > > defined in [RFC5116], and AEAD_AES_128_CCM_8 defined in [RFC6655]. > > > > """ > > You miss my comment. This does not prevent someone from deciding that > TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 should use AEAD_AES_128_CCM_8. > [Joe] It seems that a reasonable interpretation of the text is that the AEAD constructs will pair with the cipher suite that share the same name. Do you still think we need to provide an explicit mapping between the two?
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
