> On 01 Mar 2017, at 14:29, Yoav Nir <ynir.i...@gmail.com> wrote: > > >> On 1 Mar 2017, at 15:06, Aaron Zauner <a...@azet.org> wrote: >> >> >>> On 24 Feb 2017, at 14:07, Salz, Rich <rs...@akamai.com> wrote: >>> >>>> Assuming 256-bit AES-CCM suites are needed, I think the better place to put >>>> them is in the TLS 1.3 document. >>> >>> That's a really big assumption. ;) >>> >>> I think the burden is on folks to *prove* (yeah, I know) that additional >>> cipher suites are needed. >> >> +1. I'm against adding CCM based suites to the TLS 1.3 spec. > > Hold on. CCM with a 128-bit key suites are already in the current version of > the spec. CCM with a 256-bit key suites are not. > > Are you advocating just not adding the 256-bit key ciphersuites, or removing > those already in?
Both. I don't see why we need to keep legacy cruft around in a new protocol because of some embedded corner case, sorry. Also, OCB would be much faster as it's is a single-pass scheme (and all patent restrictions that had been the reason CCM was initially invented anyway have been resolved for TLS), but for the sake of not ending up with countless cipher-suites again I'm not advocating adding that either. Also: what Rich Salz said. Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls