Re: crypto algorithms for DTLS
From: Abhijit Choudhury (achoudhu) (achoudhu [at] cisco.com)
Date: Wed, 9 Jul 2008 11:38:45 -0700 (PDT)
-----Original Message-----
From: Joseph Salowey (jsalowey) 
Sent: Wednesday, July 09, 2008 11:09 AM
To: Abhijit Choudhury (achoudhu); 'Dorothy.Gellert [at] nokia.com'; Pat
Calhoun (pacalhou); 'skelly [at] arubanetworks.com'
Cc: 'capwap [at] frascone.com'
Subject: RE: [Capwap] crypto algorithms for DTLS


> -----Original Message-----
> From: Abhijit Choudhury (achoudhu)
> Sent: Wednesday, July 09, 2008 11:00 AM
> To: Dorothy.Gellert [at] nokia.com; Pat Calhoun (pacalhou); 
> skelly [at] arubanetworks.com; Joseph Salowey (jsalowey)
> Cc: capwap [at] frascone.com
> Subject: RE: [Capwap] crypto algorithms for DTLS
> 
> I'm okay with adding AES-GCM support as a MAY.
> However, I'd suggest we add the following ciphers:
> 
>               TLS_RSA_WITH_AES_128_GCM_SHA256
>               TLS_RSA_WITH_AES_256_GCM_SHA384
> 
>               TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>               TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> 
> 
> Also, in the current spec, shouldn't we be specifying DHE instead of 
> DH in the cipher suite recommendations.
> 
> Scott, Charles, Joe: any thoughts on this ?
>   
[Joe] The DH cipher suites are for certificates containing static
Diffie-Hellman keys, which are not commonly used.  I think you probably
mean to specify DHE, which are the ephemeral Diffie-Hellman variants that
are more commonly used and provide forward secrecy.

The GCM cipher suites are based on TLS 1.2, which is currently in AUTH48
state in the RFC Editor's queue and should be published shortly.


> Thanks,
> Abhijit
>  
>  
> 
> -----Original Message-----
> From: Dorothy.Gellert [at] nokia.com [mailto:Dorothy.Gellert [at] nokia.com]
> Sent: Tuesday, July 08, 2008 4:17 PM
> To: Pat Calhoun (pacalhou); skelly [at] arubanetworks.com; Abhijit 
> Choudhury (achoudhu)
> Cc: capwap [at] frascone.com
> Subject: RE: [Capwap] crypto algorithms for DTLS
> 
> Hi All,
> 
> Are there any objections in the WG to adding the following cipher
> suites:
> TLS_RSA_WITH_AES_128_GCM_SHA256
> TLS_DH_RSA_WITH_AES_256_GCM_SHA384
> to the base spec as a MAY?
> 
> If not, based on the list discussion and approved draft status of 
> draft-ietf-tls-rsa-aes-gcm-03.txt, I support including these cipher 
> suites as a MAY in the next(last) WGLC.
> 
> Best Regards,
> Dorothy
> 
> 
> > -----Original Message-----
> > From: ext Pat Calhoun (pacalhou) [mailto:pcalhoun [at] cisco.com]
> > Sent: Tuesday, July 08, 2008 4:06 PM
> > To: Scott Kelly; Abhijit Choudhury (achoudhu)
> > Cc: capwap
> > Subject: Re: [Capwap] crypto algorithms for DTLS
> > 
> > Oh, and just to make sure, if we were to go ahead with this, the 
> > following cipher suites would be added:
> > 
> > TLS_RSA_WITH_AES_128_GCM_SHA256
> > TLS_DH_RSA_WITH_AES_256_GCM_SHA384
> > 
> > Right?
> > 
> > PatC
> > 
> > -----Original Message-----
> > From: Pat Calhoun (pacalhou)
> > Sent: Tuesday, July 08, 2008 3:57 PM
> > To: Scott Kelly; Abhijit Choudhury (achoudhu)
> > Cc: capwap
> > Subject: Re: [Capwap] crypto algorithms for DTLS
> > 
> > CAPWAP Chairs,
> > 
> > I am done with the edits, and ready to submit the spec for the WG Last
> > Call. This is a new feature, and we had agreed to defer to the next 
> > version of the protocol. However, the IETF has completed the long 
> > pole, and the change, as a MAY, is fairly minor. What would you 
> > recommend?
> > 
> > PatC
> > 
> > -----Original Message-----
> > From: Scott Kelly [mailto:skelly [at] arubanetworks.com]
> > Sent: Tuesday, July 08, 2008 3:42 PM
> > To: Abhijit Choudhury (achoudhu)
> > Cc: capwap
> > Subject: Re: [Capwap] crypto algorithms for DTLS
> > 
> > Hi Abhijit,
> >  
> > > 
> > > Folks,
> > > 
> > > The issue of using AES-GCM as a cipher-suite for CAPWAP/DTLS was
> > > discussed in the list about a year ago.  (Please refer to CAPWAP issue 7
> > > (http://www.capwap.org/cgi-bin/roundup.cgi/CAPWAP/issue7).)
> > > 
> > > Due to the use of DTLS, we were stuck with TLS ciphersuites.
> > > To use GCM we would require a TLS GCM ciphersuite.  We discussed this
> > > at an ad-hoc meeting, and decided to defer this feature, as GCM was
> > > not a TLS ciphersuite, and there was no document to reference.
> > > 
> > > However, since that time, use of AES-GCM has been approved in the TLS
> > > working group, and we have an approved draft
> > > https://datatracker.ietf.org/idtracker/draft-ietf-tls-rsa-aes-gcm/
> > > 
> > > As noted in the original email, there is a lot of momentum behind this
> > > crypto algorithm, and it results in significant improvements in
> > > throughput in either HW or SW implementations.
> > > 
> > > Could we address this issue in the current spec and make AES-GCM a
> > > ciphersuite that can be used with CAPWAP/DTLS?
> > 
> > I have no objections to adding support for AES-GCM as a MAY.
> > The original proposal suggested making it mandatory to implement, but
> > given the current lack of support in commodity crypto HW, I don't
> > think this would be appropriate at this time.
> > 
> > --Scott
> > 
> > 
> > _________________________________________________________________
> > To unsubscribe or modify your subscription options, please visit:
> > http://lists.frascone.com/mailman/listinfo/capwap
> > 
> > Archives: http://lists.frascone.com/pipermail/capwap
> > 
> 

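The thread turns on two properties that are visible in a cipher suite's name alone: whether the key exchange is static DH (certificate-bound, no forward secrecy) or ephemeral DHE, and whether the suite is a GCM suite that only exists from TLS 1.2 (and hence DTLS 1.2) onward. The following Python checker is an added example, not code from the thread or from the CAPWAP or TLS drafts. It parses IANA-style suite names, derives those properties, and reviews a list against a simple policy. The input list is constructed from the names proposed in the thread, including the `TLS_DH_RSA_...` variant that Abhijit and Joe say should be DHE; the version rule (GCM, CCM and SHA-256/SHA-384 suites require TLS 1.2, per RFC 5246 and RFC 5288) is a standards fact, while the policy thresholds are this example's own choices.

```python
"""Review a proposed (D)TLS cipher-suite list for forward secrecy and
minimum protocol version.  Added example; not from the CAPWAP drafts."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed input: the suite names that appear in the thread.
PROPOSED_SUITES = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",   # static DH, see Joe's reply
]

# IANA naming convention: TLS_<key exchange>_WITH_<bulk cipher>_<hash or PRF>
_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>.+?)_(?P<hash>SHA\d*|MD5)$"
)


@dataclass
class SuiteProfile:
    name: str
    key_exchange: str             # e.g. "RSA", "DH_RSA", "DHE_RSA"
    forward_secrecy: bool         # only ephemeral (EC)DHE exchanges qualify
    static_dh: bool               # certificate carries a static (EC)DH key
    anonymous: bool               # *_anon: no peer authentication at all
    aead: bool                    # GCM/CCM bulk cipher
    min_version: Tuple[int, int]  # lowest (D)TLS version defining the suite


def parse_suite(name: str) -> SuiteProfile:
    """Derive security-relevant properties from a cipher-suite name."""
    m = _SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher-suite name: {name}")
    kx, cipher, hsh = m.group("kx"), m.group("cipher"), m.group("hash")
    anonymous = kx.endswith("_anon")
    ephemeral = kx.startswith(("DHE_", "ECDHE_")) or anonymous
    static_dh = kx.startswith(("DH_", "ECDH_")) and not anonymous
    aead = cipher.endswith(("_GCM", "_CCM", "_CCM_8"))
    # GCM suites (RFC 5288) and the SHA-256/384 suites (RFC 5246) are defined
    # only from TLS 1.2 onward; DTLS 1.2 inherits the same suite definitions.
    min_version = (1, 2) if (aead or hsh in ("SHA256", "SHA384")) else (1, 0)
    return SuiteProfile(name, kx, ephemeral, static_dh, anonymous, aead,
                        min_version)


def review_suites(names, require_forward_secrecy: bool = True,
                  peer_max_version: Tuple[int, int] = (1, 2)
                  ) -> Dict[str, List[str]]:
    """Map each suite name to its policy findings (empty list = acceptable)."""
    report: Dict[str, List[str]] = {}
    for name in names:
        p = parse_suite(name)
        issues: List[str] = []
        if p.anonymous:
            issues.append("anonymous key exchange: no peer authentication")
        elif p.static_dh:
            issues.append("static DH certificate key: rarely deployed and "
                          "no forward secrecy; DHE is probably intended")
        elif require_forward_secrecy and not p.forward_secrecy:
            issues.append("no forward secrecy (RSA key transport)")
        if p.min_version > peer_max_version:
            issues.append("requires (D)TLS %d.%d, above the peer's maximum"
                          % p.min_version)
        report[name] = issues
    return report


if __name__ == "__main__":
    for suite, findings in review_suites(PROPOSED_SUITES).items():
        print(suite, "OK" if not findings else "; ".join(findings))
```

Run as a script it lists each proposed suite with its findings; the DHE suites pass, the plain RSA suites are flagged for lacking forward secrecy, and the `TLS_DH_RSA_...` entry is flagged as a static-DH suite. Passing `peer_max_version=(1, 1)` flags every GCM suite, which is the practical consequence of Joe's remark that the GCM suites depend on TLS 1.2.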