[ogsa-wg] BSP: ciphersuites list
Takuya Mori
moritaku at bx.jp.nec.com
Tue Sep 5 05:57:09 CDT 2006
Hi All,

As part of the OGSA Basic Security Profile (OGSA-BSP) discussion,
I am sending a note to describe general guidelines for selecting
ciphersuites with a list of proposed ciphersuites which are allowed
to be used for a TLS/SSL connection and the available ciphersuites
defined in the TLS and SSL specifications.

The note is intended to be used for a discussion for selecting
acceptable ciphersuites (or discouraged ciphersuites).

Because the WS-I BSP has already selected RECOMMENDED ciphersuites,
it is not needed to select our own RECOMMENDED ciphersuites
additionally (IMO).

My proposal for the revision of the OGSA-BSP Secure Channel is
- to add general guidelines for selecting ciphersuites described
  in the note as restrictions
- to list discouraged ciphersuites from the TLS and SSL
  specifications in the Appendix.

Any comments are welcomed,
Takuya
8<------------- cut here ----------------------------------------
Sep. 05 Takuya Mori
"note: ciphersuites selection"
* general guidelines for ciphersuite selection
- a ciphersuite with NULL cipher algorithm SHOULD NOT be used
  because it provides no confidentiality
- a key exchange algorithm with 'anon' SHOULD NOT be used
  because it provides no authentication
- a cipher algorithm with key length less than 64 bits SHOULD
  NOT be used because it is known to be insecure
  (it includes DES algorithm and RC4 algorithm with 40 bits key)
- MD5 hash algorithm SHOULD NOT be used because it is known
  to be insecure
* proposed ciphersuites which are allowed to be used
The following is the list of the ciphersuites from the
TLS and SSL specifications which are allowed to be used.
All the other ciphersuites available in the TLS and SSL
specification are discouraged to be used.
TLS_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_IDEA_CBC_SHA
SSL_RSA_WITH_IDEA_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Note:
The name of a ciphersuite represents the cipher mechanisms
- a Protocol Name (TLS or SSL) followed by
- a Key Exchange Algorithm followed by
- _WITH_ or _EXPORT_WITH_
- a Cipher Algorithm followed by
- a Hash Algorithm
* available ciphersuites from TLS and SSL specifications.
Note:
The marks in the beginning of each line mean:
R: Recommended
IS: InSecure algorithm or key length
NE: No Encryption
NA: No Authentication (Anonymous communication)
** ciphersuites defined in the TLS specification
(note: all the ciphersuites are identical with
the counterparts in SSL but have different names)
----
NE TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
NE TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
IS TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
IS TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
R TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
IS TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
R TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
IS TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
IS TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
R TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
IS TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B };
IS TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
R TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
IS TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E };
IS TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
R TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
IS TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
IS TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
R TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
IS TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
IS TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
R TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
NAIS TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 };
NA TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
NAIS TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
NAIS TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
NA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
----
** ciphersuites defined in the SSL specification
(note: the first 27 ciphersuites are identical with
the counterparts in TLS but have different names)
(note: SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA is not
recommended because it is not widely used other than
the U.S. Government and their Military.)
----
NE SSL_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
NE SSL_RSA_WITH_NULL_SHA = { 0x00,0x02 };
IS SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
IS SSL_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
R SSL_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
IS SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
R SSL_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
IS SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
IS SSL_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
R SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
IS SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B };
IS SSL_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
R SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
IS SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E };
IS SSL_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
R SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
IS SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
IS SSL_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
R SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
IS SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
IS SSL_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
R SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
NAIS SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 };
NA SSL_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
NAIS SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
NAIS SSL_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
NAIS SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
NE SSL_FORTEZZA_DMS_WITH_NULL_SHA = { 0x00,0x1C };
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = { 0x00,0x1D };
----
* RECOMMENDED ciphersuites defined in the WS-I BSP.
The following are the RECOMMENDED ciphersuites:
for TLS-capable implementations
- TLS_RSA_WITH_AES_128_CBC_SHA or TLS_RSA_FIPS_WITH_AES_128_CBC_SHA
for SSL-capable implementations
- SSL_RSA_WITH_AES_128_CBC_SHA or SSL_RSA_FIPS_WITH_AES_128_CBC_SHA
(Actually, these ciphersuites are not from the TLS or SSL
specifications but from other specifications including RFC-3268,
"Advanced Encryption Standard (AES) Ciphersuites for Transport Layer
Security (TLS)".)
EOT
8<------------- cut here ----------------------------------------
----
Takuya Mori
moritaku at bx.jp.nec.com / tk-mori at isd.nec.co.jp
System Platform Software Development Division
NEC Corporation, Tokyo Japan
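
The naming scheme and the four guidelines in the note above can be applied mechanically; the following Python sketch is an added example, not part of the original post. The `KEY_BITS` table and the function names are assumptions of this example, and because each guideline is applied independently a suite can collect more marks than the single label shown in the note's tables.

```python
# Added example (not from the original post): derive the note's NE/NA/IS
# marks from a ciphersuite name using its naming scheme and guidelines.

# Nominal key sizes in bits per cipher token; this table is an assumption
# of the example and covers only the ciphers named on this page.
KEY_BITS = {
    "NULL": 0, "RC4_40": 40, "RC2_CBC_40": 40, "DES40_CBC": 40,
    "DES_CBC": 56, "RC4_128": 128, "IDEA_CBC": 128,
    "3DES_EDE_CBC": 168, "AES_128_CBC": 128,
}

def parse(name):
    """Split PROTO_KEYEX[_EXPORT]_WITH_CIPHER_HASH into its fields."""
    left, sep, right = name.partition("_WITH_")
    proto, _, kx = left.partition("_")
    cipher, _, mac = right.rpartition("_")
    export = kx.endswith("_EXPORT")
    if export:
        kx = kx[: -len("_EXPORT")]
    if not sep or proto not in ("TLS", "SSL") or not kx or cipher not in KEY_BITS:
        raise ValueError(f"unrecognised ciphersuite name: {name!r}")
    return {"proto": proto, "kx": kx, "export": export,
            "cipher": cipher, "hash": mac}

def marks(name):
    """Return the set of marks (NE, NA, IS) the guidelines assign."""
    f = parse(name)
    found = set()
    if f["cipher"] == "NULL":
        found.add("NE")                      # no confidentiality
    if "anon" in f["kx"].split("_"):
        found.add("NA")                      # no authentication
    short_key = f["cipher"] != "NULL" and KEY_BITS[f["cipher"]] < 64
    if short_key or f["hash"] == "MD5":
        found.add("IS")                      # key < 64 bits or MD5
    return found

def allowed(name):
    """A suite is acceptable only if no guideline flags it."""
    return not marks(name)

if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                  "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
                  "SSL_RSA_WITH_NULL_SHA"):
        print(f"{suite:40} {sorted(marks(suite)) or 'allowed'}")
```

Names whose cipher token is not in `KEY_BITS` (for example the FORTEZZA suites) raise `ValueError` rather than being silently treated as acceptable.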