Re: [Iot-directorate] Iotdir early review of draft-camwinget-tls-ts13-macciphersuites-06
"RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org> Sun, 09 August 2020 13:53 UTC
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: iot-directorate@ietfa.amsl.com
Delivered-To: iot-directorate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ACCE3A0C3B; Sun, 9 Aug 2020 06:53:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gbuTLSiLhEtH; Sun, 9 Aug 2020 06:52:58 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C57893A0C18; Sun, 9 Aug 2020 06:52:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 06AB0F4071D; Sun, 9 Aug 2020 06:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at rfc-editor.org
Received: from rfc-editor.org ([127.0.0.1]) by localhost (rfcpa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gjczdtZ90xo; Sun, 9 Aug 2020 06:52:52 -0700 (PDT)
Received: from www.rfc-editor.org (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 154E4F40719; Sun, 9 Aug 2020 06:52:52 -0700 (PDT)
Received: from 84.51.134.26 (SquirrelMail authenticated user rfcpise) by www.rfc-editor.org with HTTP; Sun, 9 Aug 2020 06:52:52 -0700
Message-ID: <94bfe3cb3163a6f6254c72ba60741d04.squirrel@www.rfc-editor.org>
In-Reply-To: <159693845367.4048.18288256104777981676@ietfa.amsl.com>
References: <159693845367.4048.18288256104777981676@ietfa.amsl.com>
Date: Sun, 09 Aug 2020 06:52:52 -0700
From: "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: iot-directorate@ietf.org, draft-camwinget-tls-ts13-macciphersuites.all@ietf.org
Reply-To: rfc-ise@rfc-editor.org
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/Bnt10Z7EI5OS_n_vsaeC1pVthFo>
Subject: Re: [Iot-directorate] Iotdir early review of draft-camwinget-tls-ts13-macciphersuites-06
X-BeenThere: iot-directorate@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mailing list for the IoT Directorate Members <iot-directorate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-directorate/>
List-Post: <mailto:iot-directorate@ietf.org>
List-Help: <mailto:iot-directorate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Aug 2020 13:53:04 -0000
Michael, Very many thanks for this. It helps me a lot. Best, Adrian Michael Richardson via Datatracker wrote: > Reviewer: Michael Richardson > Review result: Ready > > Reviewer: Michael Richardson > Review result: Ready with Nits > Document: draft-camwinget-tls-ts13-macciphersuites-06 > > I have reviewed this document. > I found it clear and well written. > > I reviewed the discussion in the TLS WG list at: > https://mailarchive.ietf.org/arch/msg/tls/0oy4wY4xiB1tASCBDWczh2xTVMM/ > > I found the discussion in the TLS list as to why the TLS WG should not > adopt > it compelling, and I understand and agree with the reasons to go via the > ISE. > I do not feel that this is a run-around the WG. > > I did not find the three initial use cases at all compelling :-( > SHA256, implemented in software, is not particularly faster than AES. > See, for instance: https://cryptopp.com/benchmarks.html > where we see ~100 MiB/s {O(10^2)} for most algorithms on "big CPU" > (with some exceptions) > I suspect they are all bound by memory I/O speeds, not details of the > algorithm. > I could not see an AEAD mode bench tested on that page. > > On smaller CPUs, the difference MIGHT be more compelling, but on the > smaller > such CPUs, there is usually AES acceleration, which would make use of > an hardware acclerated AES based AEAD algorithm likely better than SHA256. > Of course, there is probably some devices, built without any security in > mind, which lack even that. I question whether or not they will be able > to > do reasonable authentication of the TLS end points (the RSA or ECDSA > operations). > > The use which I *DID* find compelling was in the fourth case, and I > suspect > that it covers many of the other cases. > > Furthermore, requirements for providing blackbox > recording of the safety related network traffic can only be fulfilled > through using integrity only ciphers, to be able to provide the > safety related commands to a third party, which is responsible for > the analysis after an accident. > > I found this compelling, as it has nothing at all to do with relative > speeds, > or perceived latencies, but on audit trails. > > > > > > -- Adrian Farrel (ISE), rfc-ise@rfc-editor.org
- [Iot-directorate] Iotdir early review of draft-ca… Michael Richardson via Datatracker
- Re: [Iot-directorate] Iotdir early review of draf… RFC ISE (Adrian Farrel)
- Re: [Iot-directorate] Iotdir early review of draf… Nancy Cam-Winget (ncamwing)
- Re: [Iot-directorate] Iotdir early review of draf… Michael Richardson
- Re: [Iot-directorate] EXTERNAL: Re: Iotdir early … Jack Visoky