IETF Logo Mail Archive

[Tls-reg-review] Request to register TLS integrity only cipher suites for TLS 1.3

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Wed, 05 December 2018 19:54 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22934130EDA for <tls-reg-review@ietfa.amsl.com>; Wed, 5 Dec 2018 11:54:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.96
X-Spam-Level:
X-Spam-Status: No, score=-15.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z3mU9R5RTQ0e for <tls-reg-review@ietfa.amsl.com>; Wed, 5 Dec 2018 11:54:30 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 090DD130ED7 for <tls-reg-review@ietf.org>; Wed, 5 Dec 2018 11:54:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1294; q=dns/txt; s=iport; t=1544039670; x=1545249270; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=o5H8nkzMlDpb40RVOttxavPOikDa+oygNLb12edbEuY=; b=CAMYWILD7puAwNU57NN2zNYVVIlZFfd9nYUnuoqgYWygKCowJlmr2MWK Db/aU1jFUvWvFt22mlG+9TwxxaBgeCPuXNiLLtm6XVPE5haHkj6yrfwKC L0uaX3Kwqp7BVKzfTwC97wEPK+6XlCSAZAaCP47RJbkukz3QUUZv9q4xz Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAAAKLAhc/5RdJa1kGQEBAQEBAQEBAQEBAQcBAQEBAQGBUQQBAQEBAQsBggNmgQInCoNviBmMDplZFIFmCwEBI4RJGYJ6IjQJDQEDAQECAQECbRwBC4U+BCQRRRIBIgImAgQwFRIEDgWDIQGBeQgPpiyBL4NBcAKBDYRlBYELixMXgX+BEScfgh4ugSgZAYFcAQEDgSsBEgGDIzGCJgKPNZEhCQKBZoUbij8YkS8/iEqEaYplAhEUgScfOB5GcXAVZQGCQYIziGmFP0ExiRuBH4EfAQE
X-IronPort-AV: E=Sophos;i="5.56,319,1539648000"; d="scan'208";a="273896399"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Dec 2018 19:54:29 +0000
Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id wB5JsSPX030183 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 5 Dec 2018 19:54:28 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 5 Dec 2018 14:54:28 -0500
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1395.000; Wed, 5 Dec 2018 14:54:28 -0500
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
CC: Jack Visoky <jmvisoky@ra.rockwell.com>
Thread-Topic: Request to register TLS integrity only cipher suites for TLS 1.3
Thread-Index: AQHUjNRUsdcgkT2qSUyfVGqLHm20Ng==
Date: Wed, 05 Dec 2018 19:54:27 +0000
Message-ID: <8E5F27CF-B2FB-44AE-AAB0-A799C5CBD6C3@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.c.0.180410
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.155.208.48]
Content-Type: text/plain; charset="utf-8"
Content-ID: <2FA0A7E0E28CC941B5E419056FF50D1A@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.155, xch-rtp-015.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/Lsrs0JQkBLXvdA38fLrMMLDakt8>
Subject: [Tls-reg-review] Request to register TLS integrity only cipher suites for TLS 1.3
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 19:54:32 -0000

    > Contact Name:
    > Nancy Cam-Winget
    > 
    > Contact Email:
    > ncamwing@cisco.com
    > 
    > Type of Assignment:
    > "Not Recommended" TLS Cipher suite assignment
    > 
    > Registry:
    > TLS 1.3 cipher suite
    > 
    > Description:
    > At least two IoT (ODVA and IEC) forums are requesting the need for
    > enabling TLS 1.3 with integrity only protection in the data plane.
    > Under security considerations, we are not recommending this cipher
    > suite to be widely used and note that no privacy is provided when this
    > cipher suite is used and several use cases have been noted where
    > privacy is not required.
    > 
    > Additional Info:
    > We have noted the use cases and security (and privacy) considerations
    > in https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-01 as well as how the cipher suite would be used with
    > TLS 1.3

v2.23.0 | Report a Bug | By Email