Re: [Dtls-iot] [TLS] early IANA code point assignment request for draft-ietf-tls-ecdhe-psk-aead

Daniel Migault <daniel.migault@ericsson.com> Mon, 17 October 2016 19:04 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B95FA129856; Mon, 17 Oct 2016 12:04:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nN3ulF_dhZuw; Mon, 17 Oct 2016 12:04:27 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C4551297CB; Mon, 17 Oct 2016 12:04:27 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id m138so59524682itm.0; Mon, 17 Oct 2016 12:04:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=wOnPgxvjYk57wLKis8y/ajAIFeMzqJ5PjDGtGFsRq7o=; b=uNcx4MBVUr26+72sg2plVGwNFVuv3zwmvPzhju/hZFV5Epdl0M1RB2b43ctMpxLpDH U6FD1XBo1KhW3424CGbD2KeWu6VgcQcRYDRInItDgV3S5yJL534ip+gMSBWdHdDsfsrw HVUrirh6O+HR29VMUqyuoJQbidiQg53LbYa97gKUFA8NAA+ESapPSI2QGXcQtYAdBpVW YalHvEvMT1PoECVwFAmbdQXkiY7ZrgjqOwa2xlPiEgUBOt3EJXRARswAUNJ6CaOUzHI7 i0Cl9tsSyPU9UYZ/cXIC+GXSVB/KhDQQh8BuqB6DoaIYgTIIX4AmcwtJp4tqI/i/gDu2 i0ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=wOnPgxvjYk57wLKis8y/ajAIFeMzqJ5PjDGtGFsRq7o=; b=Ak2F/3U0KgwYrJthoWHNge4YW66XLFBl4Qw4XQjUCSnslya8aCIy4L1GWQh1NWArjo 2E/PgRn0teHwkdatwYpzLOw9Wc8Ut8qp4loU2KBY7mpjBMoNJAzOstlOdMqEzt26gaxt qU6vd+geWEUgqFPHE5FUsLebI3Nl/M3+wDIJUmr+Rn8rEo9M8DRkPx0//QibxtXVdAX9 P65Y/papzL+SnXkREaItjaN5xbNSnNSxiZgpXk2T6bphQhgIqG4noSXkQKebpQbGgWnN L70NB2EbNCQi6w9phXEqMBHtnkV+KUwJl+Lzp9XYthnmlFEBW5P8Y+D0kMQ3tLzPQEUq Vnew==
X-Gm-Message-State: AA6/9Rk49bQC2z1YewpeFiRcYgzQ74G0N+uetvlQpl960i4ZN7VTom8lBKuhWaijLcqH+httNcUkJ+0dZtEu/g==
X-Received: by 10.36.90.202 with SMTP id v193mr10047820ita.120.1476731066107; Mon, 17 Oct 2016 12:04:26 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.107.188.4 with HTTP; Mon, 17 Oct 2016 12:04:25 -0700 (PDT)
In-Reply-To: <560A7514-572F-4391-9348-40E42DE7DFCC@vigilsec.com>
References: <7D3571C9-9873-4D88-9666-A47D0CD77671@sn3rd.com> <1470821613.2539.44.camel@redhat.com> <CABkgnnVYt_-SwRbO3Jm0ngpOEccL4UNV6wvgZFMco1G9z0uwfw@mail.gmail.com> <D41FA10A.52E40%john.mattsson@ericsson.com> <CABkgnnXKYrop5OA3CNSA6CocJ88esMUM47zcw3g1BJc+LrXXbQ@mail.gmail.com> <CADZyTkmU1uadugpsD+_o8zog0DG8s_mzvKN98m19-4-egWp-NA@mail.gmail.com> <560A7514-572F-4391-9348-40E42DE7DFCC@vigilsec.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Mon, 17 Oct 2016 15:04:25 -0400
X-Google-Sender-Auth: nemMv8cefk4u0ovMQy3HsO7MqSE
Message-ID: <CADZyTknymhuKZG-i=C6CSxZsyok1YnqkVKUk5DWxSF8KU-+yXg@mail.gmail.com>
To: "6lo@ietf.org" <6lo@ietf.org>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Content-Type: multipart/alternative; boundary=001a1145c51c9fcd5c053f143e67
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtls-iot/LLE4g-dMlbXkZ5CuKKs6MJePono>
Cc: Russ Housley <housley@vigilsec.com>, IETF TLS <tls@ietf.org>
Subject: Re: [Dtls-iot] [TLS] early IANA code point assignment request for draft-ietf-tls-ecdhe-psk-aead
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 19:04:30 -0000

Hi,

We are discussing in the TLS wg assignment points for TLS PSK
authentication. We would like to understand if there is a specific interest
of the IoT community for the following suites.

TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = {0xTBD; 0xTBD} {0xD0,0x03};
TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA384 = {0xTBD; 0xTBD} {0xD0,0x04};

Additional question might be whether AES_256_CCM_8_SHA384 is of interest
for an IoT use case.

Any feed back is appreciated. please provide them by the end of the week!

BR,
Daniel



On Mon, Oct 17, 2016 at 12:08 PM, Russ Housley <housley@vigilsec.com>; wrote:

> I would like to see these included:
>
> TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x01};
> TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x02};
>
>
> I am fine with including these as well if someone wants to use them:
>
> TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x05};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x06};
>
>
> I do not really see a reason to include the ones with the shorter MAC:
>
> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = {0xTBD; 0xTBD} {0xD0,0x03};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA384 = {0xTBD; 0xTBD} {0xD0,0x04};
>
>
> Russ
>
>
> On Oct 17, 2016, at 12:03 PM, Daniel Migault <daniel.migault@ericsson.com>;
> wrote:
>
> Hi,
>
> I am not clear what the consensus is for the following points. Is there
> any consensus for requesting the following ones?
>
> BR,
> Daniel
>
> TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x01};
> TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x02};
> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = {0xTBD; 0xTBD} {0xD0,0x03};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_8_SHA384 = {0xTBD; 0xTBD} {0xD0,0x04};
> TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256   = {0xTBD; 0xTBD} {0xD0,0x05};
> TLS_ECDHE_PSK_WITH_AES_256_CCM_SHA384   = {0xTBD; 0xTBD} {0xD0,0x06};
>
>
>
> On Sun, Oct 9, 2016 at 7:11 PM, Martin Thomson <martin.thomson@gmail.com>;
> wrote:
>
>> I'm mainly just looking to economize on different configurations.
>>
>> On 9 October 2016 at 16:32, John Mattsson <john.mattsson@ericsson.com>;
>> wrote:
>> > Hi Martin,
>> >
>> >
>> > AES_256_CCM_8 was not in the first versions of the draft but added later
>> > after request from IoT people (probably afraid of quantum computers).
>> >
>> >
>> > While I think it makes very much sense to have short tags in wireless
>> > radio, I do not know how large need there is for AES-256 in IoT for
>> > constrained devices, or how large the need would be to truncate the tag
>> in
>> > these cases.
>> >
>> >
>> > My current understanding is that Grover’s algorithm may never be more
>> > cost-effective than a cluster of classical computers, and that quantum
>> > computers therefore likely do not affect the lifetime of AES-128.
>> >
>> >
>> > I do not have any strong opinions regarding keeping AES_256_CCM_8 or
>> not.
>> > We should not give the impression that AES-256 is needed for practical
>> > resistance to quantum computers anytime soon, it is however a
>> requirement
>> > for use by US government. Agree that AES_128_CCM_8 and AES_256_CCM seems
>> > like the best choices in most cases.
>> >
>> >
>> > Cheers,
>> > John
>> >
>> >
>> >
>> > On 12/08/16 08:29, "TLS on behalf of Martin Thomson" <
>> tls-bounces@ietf.org
>> > on behalf of martin.thomson@gmail.com>; wrote:
>> >
>> >>Looking at those emails, I am prompted to wonder if anyone can justify
>> >>the existence of a ciphersuite with a double-sized key and half-sized
>> >>authentication tag.  RFC 6655 doesn't really explain how that is a
>> >>useful thing.
>> >>
>> >>On 10 August 2016 at 19:33, Nikos Mavrogiannopoulos <nmav@redhat.com>;
>> >>wrote:
>> >>> On Tue, 2016-08-09 at 14:45 -0400, Sean Turner wrote:
>> >>>> All,
>> >>>>
>> >>>> We've received a request for early IANA assignments for the 6 cipher
>> >>>> suites listed in https://datatracker.ietf.org/d
>> oc/draft-ietf-tls-ecdh
>> >>>> e-psk-aead/.  Please respond before August 23rd if you have concerns
>> >>>> about early code point assignment for these cipher suites.
>> >>>
>> >>> I have previously raised an issue [0] on these ciphersuites. The same
>> >>> requirement was noted also by Peter Dettman as something special in
>> >>> [1]. However, there has been no reaction from the authors (now in CC).
>> >>>
>> >>> regards,
>> >>> Nikos
>> >>>
>> >>> [0].
>> >>>https://mailarchive.ietf.org/arch/msg/tls/4PZsc_Dy-aT299BYrlBKvZs0BOQ
>> >>> [1].
>> >>>https://mailarchive.ietf.org/arch/msg/tls/onEkdgH30eZgWs8v5Rp-CUqCHds
>> >>>
>> >>> _______________________________________________
>> >>> TLS mailing list
>> >>> TLS@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/tls
>> >>
>> >>_______________________________________________
>> >>TLS mailing list
>> >>TLS@ietf.org
>> >>https://www.ietf.org/mailman/listinfo/tls
>> >
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>