Re: [Tls-reg-review] [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3
Benjamin Kaduk <kaduk@mit.edu> Thu, 10 December 2020 00:45 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E87FF3A0930 for <tls-reg-review@ietfa.amsl.com>; Wed, 9 Dec 2020 16:45:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sejJHx7o3216 for <tls-reg-review@ietfa.amsl.com>; Wed, 9 Dec 2020 16:45:15 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F0E53A091C for <tls-reg-review@ietf.org>; Wed, 9 Dec 2020 16:45:15 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0BA0ieoR011363 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 9 Dec 2020 19:44:44 -0500
Date: Wed, 09 Dec 2020 16:44:39 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "iana-prot-param@iana.org" <iana-prot-param@iana.org>, "ncamwing@cisco.com" <ncamwing@cisco.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, "jmvisoky@ra.rockwell.com" <jmvisoky@ra.rockwell.com>
Message-ID: <20201210004439.GB64351@kduck.mit.edu>
References: <RT-Ticket-1132414@icann.org> <CFEF8F6B-9136-4B4C-B6DE-0E635786A240@akamai.com> <rt-4.4.3-21493-1544578196-1273.1132414-37-0@icann.org> <B8FCF390-4B0A-46BC-B3AB-E92A7C7D4FCF@akamai.com> <rt-4.4.3-23334-1544633480-1124.1132414-37-0@icann.org> <rt-4.4.3-4154-1544656355-1253.1132414-37-0@icann.org> <6D19FB88-FBA8-4F50-A004-067AE6218344@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <6D19FB88-FBA8-4F50-A004-067AE6218344@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/ZILB-f7V7t8O6UC9D_OZeSNAclI>
Subject: Re: [Tls-reg-review] [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 00:45:18 -0000
Digging up this old thread since we may have to revisit the DTLS-OK value... My AD review of draft-ietf-tls-dtls13 notes that the mechanism for sequence number encryption makes some assumptions on the underlying cipher of the AEAD construction. One proposal for changing the draft to make different assumptions that are more future-proof may involve setting DTLS-OK to 'N' for these ciphers (https://github.com/tlswg/dtls13-spec/pull/166/files). Regardless, the authors of this draft might do well to provide some indication of the expected sequence number (non-)protection mechanism. -Ben On Thu, Dec 13, 2018 at 03:55:03AM +0000, Salz, Rich wrote: > DLTS-OK is Y > > On 12/12/18, 6:12 PM, "Sabrina Tanamal via RT" <iana-prot-param@iana.org> wrote: > > Hi Rich, all, > > Sorry we have one more question. Can you let us know how to fill in the "DTLS-OK" column in the TLS Cipher Suites registry? > > Thanks, > > Sabrina Tanamal (filling in for Amanda) > Senior IANA Services Specialist > > On Wed Dec 12 16:51:20 2018, rsalz@akamai.com wrote: > > To avoid creating new holes, how about right after dragonfly: > > 0xC0,0xB3 TLS_ECCPWD_WITH_AES_256_CCM_SHA384 Y N > > [RFC-harkins-tls-dragonfly-03] > > 0xC0,0xB4-FF Unassigned > > > > On 12/11/18, 8:29 PM, "Amanda Baber via RT" <iana-prot- > > param@iana.org> wrote: > > > > Hi Rich, > > > > Which values should we assign? There are a number of ranges available, > > and I haven't been able to find any text in RFC 8447 or RFC 8446 that > > identifies which section is for "Not Recommended" assignments: > > > > https://www.iana.org/assignments/tls-parameters/tls- > > parameters.xhtml#tls-parameters-4 > > > > Thanks for your patience, > > > > Amanda Baber > > Lead IANA Services Specialist > > > > On Tue Dec 11 20:34:22 2018, rsalz@akamai.com wrote: > > > We discussed this and approve. Please assign two numbers in the "not > > > recommended" space. > > > > > > Thanks! > > > > > > On 12/5/18, 2:54 PM, "Nancy Cam-Winget (ncamwing)" > > > <ncamwing@cisco.com> wrote: > > > > > > > Contact Name: > > > > Nancy Cam-Winget > > > > > > > > Contact Email: > > > > ncamwing@cisco.com > > > > > > > > Type of Assignment: > > > > "Not Recommended" TLS Cipher suite assignment > > > > > > > > Registry: > > > > TLS 1.3 cipher suite > > > > > > > > Description: > > > > At least two IoT (ODVA and IEC) forums are requesting the need for > > > > enabling TLS 1.3 with integrity only protection in the data plane. > > > > Under security considerations, we are not recommending this cipher > > > > suite to be widely used and note that no privacy is provided when > > > > this > > > > cipher suite is used and several use cases have been noted where > > > > privacy is not required. > > > > > > > > Additional Info: > > > > We have noted the use cases and security (and privacy) > > > > considerations > > > > in https://tools.ietf.org/html/draft-camwinget-tls-ts13- > > > > macciphersuites-01 as well as how the cipher suite would be used > > > > with > > > > TLS 1.3 > > > > > > > > > > > > _______________________________________________ > > > tls-reg-review mailing list > > > tls-reg-review@ietf.org > > > https://www.ietf.org/mailman/listinfo/tls-reg-review > > > > > > > > > > > > > > _______________________________________________ > tls-reg-review mailing list > tls-reg-review@ietf.org > https://www.ietf.org/mailman/listinfo/tls-reg-review > > > _______________________________________________ > tls-reg-review mailing list > tls-reg-review@ietf.org > https://www.ietf.org/mailman/listinfo/tls-reg-review
- [Tls-reg-review] Request to register TLS integrit… Nancy Cam-Winget (ncamwing)
- Re: [Tls-reg-review] Request to register TLS inte… Salz, Rich
- Re: [Tls-reg-review] Request to register TLS inte… Nick Sullivan
- Re: [Tls-reg-review] Request to register TLS inte… Yoav Nir
- Re: [Tls-reg-review] Request to register TLS inte… Salz, Rich
- [Tls-reg-review] [IANA #1132414] Re: Request to r… Amanda Baber via RT
- Re: [Tls-reg-review] [IANA #1132414] Re: Request … Salz, Rich
- [Tls-reg-review] [IANA #1132414] Re: Request to r… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1132414] Re: Request … Salz, Rich
- [Tls-reg-review] [IANA #1132414] Re: Request to r… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1132414] Re: Request … Benjamin Kaduk
- Re: [Tls-reg-review] [IANA #1132414] Re: Request … Salz, Rich
- Re: [Tls-reg-review] [IANA #1132414] Re: Request … Benjamin Kaduk
- Re: [Tls-reg-review] EXTERNAL: Re: [IANA #1132414… Jack Visoky
- Re: [Tls-reg-review] EXTERNAL: Re: [IANA #1132414… Salz, Rich
- [Tls-reg-review] [IANA #1184629] Re: Re: Request … Amanda Baber via RT
- Re: [Tls-reg-review] [IANA #1184629] Re: Re: Requ… Salz, Rich
- Re: [Tls-reg-review] EXTERNAL: Re: [IANA #1132414… Benjamin Kaduk