
Re: Discussion of 9.2.2

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 25 Sep 2014 09:36:47 -0700
Message-ID: <CABcZeBMOqi+5LFzf1MmQuuW+4O7Pmvky68riNqtJDcbzQnvQig@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Thu, Sep 25, 2014 at 9:10 AM, Greg Wilkins <gregw@intalio.com> wrote:

> I am concerned that "No block/stream ciphers except AEAD" is a
> sufficiently future proof specification.  Could there be block/stream
> ciphers that use something other than AEAD to make them sufficiently strong
> for h2?
>

For the record, I think it's important to be clear that this isn't quite
accurate.

TLS divides cipher suites into three categories:

- block
- stream
- AEAD

So, AEAD isn't an exception, it's a third category. One might imagine adding
a fourth category, but that wouldn't fall afoul of 9.2.2 because 9.2.2
prohibits block and stream, but doesn't say *only* AEAD.

I realize that it's a bit confusing because AES-GCM is an AEAD primitive
based on a block cipher (AES) [0], but in the TLS taxonomy, that makes it
an AEAD cipher, not a block cipher.

-Ekr
Received on Thursday, 25 September 2014 16:37:55 UTC
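
The distinction drawn in the message above, as an added example that is not part of the original e-mail: suites are classified by TLS 1.2 CipherType (stream, block, aead) from their IANA names, and the rule as the message reads it ("prohibits block and stream") is compared with an "AEAD only" reading. The function names, the token-based name parsing and the `HYPOTHETICAL_FOURTH` category are assumptions made for illustration.

```python
# TLS 1.2 (RFC 5246) CipherType names.
STREAM, BLOCK, AEAD = "stream", "block", "aead"
# Hypothetical future category, used only to show where the two readings differ.
HYPOTHETICAL_FOURTH = "future-category"


def cipher_type(suite: str) -> str:
    """Classify an IANA-style TLS 1.2 suite name by its TLS CipherType."""
    _, sep, bulk = suite.partition("_WITH_")
    if not sep:
        raise ValueError(f"not a TLS 1.2 style suite name: {suite}")
    tokens = bulk.split("_")
    # AEAD is checked first: AES-GCM is built on a block cipher (AES),
    # but in the TLS taxonomy the suite is AEAD, not block.
    if "GCM" in tokens or "CCM" in tokens or "POLY1305" in tokens:
        return AEAD
    if "CBC" in tokens:
        return BLOCK
    if tokens[0] in ("RC4", "NULL"):
        return STREAM
    raise ValueError(f"unrecognised bulk cipher in: {suite}")


def permitted_as_written(category: str) -> bool:
    """The rule as described in the message: block and stream are prohibited."""
    return category not in (BLOCK, STREAM)


def permitted_aead_only(category: str) -> bool:
    """The stricter reading the message says the text does not state."""
    return category == AEAD


# Constructed sample: real IANA suite names chosen to cover each category.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CCM_8",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]

if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        kind = cipher_type(name)
        print(f"{name}: {kind}, permitted={permitted_as_written(kind)}")
    # The two readings agree on today's categories and differ only here.
    print(permitted_as_written(HYPOTHETICAL_FOURTH),
          permitted_aead_only(HYPOTHETICAL_FOURTH))
```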
