[Dtls-iot] Replacing TLS_PSK_WITH_AES_128_CCM_8 with TLS_PSK_WITH_AES_128_CCM
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 14 July 2015 08:53 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06CE51A90D4 for <dtls-iot@ietfa.amsl.com>; Tue, 14 Jul 2015 01:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LBFh-W7wOSmx for <dtls-iot@ietfa.amsl.com>; Tue, 14 Jul 2015 01:53:40 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 014861A90C0 for <dtls-iot@ietf.org>; Tue, 14 Jul 2015 01:53:39 -0700 (PDT)
Received: from [192.168.131.131] ([195.149.223.246]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LfC00-1YdRUn333A-00ophO; Tue, 14 Jul 2015 10:53:37 +0200
Message-ID: <55A4CD93.80800@gmx.net>
Date: Tue, 14 Jul 2015 10:51:31 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="ooORnte8jwx3gxAcbRxJP9gUMUTsW6Wv8"
X-Provags-ID: V03:K0:B2a4PKzeQG5FsSFnmbHRveeHa5sC15SUhKOwBEgIHAlTJ2Qvoug F4qAARZiK4sU6VM55yFybwORTIWHqmMd3mzGvcnI5/C470GB8R+Ve4Vm9hXAMkehz/r3HIA HOHggbG8w7d8wh8+04wg+9rKBpxm3n8KSCgqsMaQZbMYc+MoOTHZcc+4JHjYmiT6JNNatKH sIWrA0zWv7jdl8Z/gtsXg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:lWah39TUoo0=:+ncRdJVD+HSc+fI/SIR/4S wHN6+PsUTHliMqu+zx0qtLYnqjxoyarWTa9DUqK7w10pMI38rmF2iCEdr08I+mzGDkCerNStC FVB4DB1BpTC+0uwga3fenK0n3OEUW/fmyfmJL+cVTIQfHBzwH/8EL4Wc3Nq4IehljkKqU7/5t 6/j6iGHONPdkKVIcL9e8Y6yW/1c5+PxbN0gCkLUjH9GKjCYc1j7VVVmmgG6EHVOgbD6WQaLeq Ii5YiUnZRavsYfpgyWvtQAzggrATRDuPACYXPTh1Z04z+saaTAegHrAKFva+Ufyzbtpq2JC6Y WRFF9/kiYaBXxvLvqyKVc7n34wguOXlfgMoS8I46PlClKHH/o/Q6fuPZCGBqYDZUegOq9OQcv m2ozGG7hUDxZ+T0quS+XMTw5SGQBzFWHW0VGagCmeg8vBtPGDgwd2/USdtaU5zl0n3SbBRbNP Zyu2ey515odCZ6bPzQDlRsvTCpABIikagUaJXSxNfVUQZGM25ntdY9puYDsqAoKI9ATXFxeqN tZ6juoFBx9+grOdBUxktKjlb3I+T65LrtIv5cOHWY7ZD+93QpWxDfqNJeMD6C3CoTHI51gfK7 yd6xXUx2QAjG9rHbxrXiU+3jaKIDG+6IqJPnzNLNh5arzausBXZZckA3f+usxZhxJf4LLH2t9 HB0qSzRXqmG42MxLi4kEdmfGLRnfsk2tY+X/r+iQf5CFvTA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/A7Z0USjjQQtYKE6N6OqyYBdXZ_0>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: [Dtls-iot] Replacing TLS_PSK_WITH_AES_128_CCM_8 with TLS_PSK_WITH_AES_128_CCM
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 08:53:42 -0000
Stephen wrote: (1) 6.1: Is TLS_PSK_WITH_AES_128_CCM_8 still ok for CoAP? We're discussing taking all the _8 ones out for SRTP, i.e., from [draft-ietf-avtcore-srtp-aes-gcm] because of the 8 octet tag being too short. I'd need to go check if the same issues apply here, but maybe they don't. What do we think? If this applies to any of the ciphersuites here, it presumably applies to all so I wanted to check just in case. (Kevin Igoe and Magnus Westerlund are involved in that SRTP discussion in case it helps.) [Hannes] So far there has been no issue reported with the use of shorter message authentication codes (also called truncated authentication tags). With AES_128_CCM_8 the MAC is 8 octets long whereas with AES_128_CCM it would be 16 octets long. While this does not help to improve performance it reduces the bits transmitted over the wire. The summary of why the authors of <draft-ietf-avtcore-srtp-aes-gcm-17> suddenly prefer full authentication tags over the truncated version is from the write-up found in <draft-ietf-avtcore-srtp-aes-gcm-17> not really understandable. I would feel more comfortable if there is a reference to an analysis given somewhere why this is now a problem and wasn't one not too long ago. My recommendation: Keep text as is. Thoughts about this issue from the rest of the working group?
- [Dtls-iot] Replacing TLS_PSK_WITH_AES_128_CCM_8 w… Hannes Tschofenig
- Re: [Dtls-iot] Replacing TLS_PSK_WITH_AES_128_CCM… Carsten Bormann