> On 22 Feb 2017, at 8:42, Martin Thomson <martin.thom...@gmail.com> wrote:
>
> On the interaction with TLS 1.3, we probably need a decision to be made:
>
> 1. strike TLS 1.3 from the document and only mention it in the way Joe
> suggests, TLS 1.3 doesn't get the CCM suites (it already has the
> equivalent of the GCM suites)
>
> 2. strike TLS 1.3 from the document, and add new TLS 1.3 CCM cipher
> suites to TLS 1.3 proper
Wait, what am I missing?
From appendix A.4 in TLS 1.3:
+------------------------------+-------------+
| Description | Value |
+------------------------------+-------------+
| TLS_AES_128_GCM_SHA256 | {0x13,0x01} |
| | |
| TLS_AES_256_GCM_SHA384 | {0x13,0x02} |
| | |
| TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} |
| | |
| TLS_AES_128_CCM_SHA256 | {0x13,0x04} |
| | |
| TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} |
+------------------------------+-------------+
So, how do we not have CCM in TLS 1.3 given that things like ECDHE and PSK are
now orthogonal to ciphersuites?
Yoav
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls