> -----Original Message----- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett > Sent: Wednesday, September 23, 2015 6:41 PM > To: tls@ietf.org > Subject: [TLS] Obscure ciphers in TLS 1.3 > > https://tlswg.github.io/tls13-spec/#cipher-suites > https://www.iana.org/assignments/tls-parameters/tls- > parameters.xhtml#tls-parameters-4 > > When I updated the lists in the TLS 1.3 draft, I just put everything in that > is > currently in the registry and usable. I'd like to now start a discussion on > what > should be allowed. Specifically, I have questions about ARIA and Camellia, as > well as 8-bit authentication tag variants of AES-CCM or anything else. > > How relevant is this ARIA attack? > https://eprint.iacr.org/2010/168
That's not relevant to the use of ARIA -- against 256 bit ARIA, it breaks 8 of 16 rounds; against 192 bit ARIA, it breaks 7 of 14 rounds. That gives us a factor-of-2 safety margin for both key sizes, which is rather a lot. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
