Re: [Tls-reg-review] [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3

[Benjamin Kaduk <kaduk@mit.edu>]

Sorry, "these ciphers" was intended to mean TLS_SHA256_SHA256 and
TLS_SHA384_SHA384.

-Ben

On Thu, Dec 10, 2020 at 02:54:07AM +0000, Salz, Rich wrote:
> Not sure what "these ciphers" means, but in retrospect it was ambiguous to say DTLS-OK because that doesn't have version info and DTLS 1.3 was still a draft.
> 
> On 12/9/20, 7:44 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote:
> 
>     Digging up this old thread since we may have to revisit the DTLS-OK
>     value...
>     My AD review of draft-ietf-tls-dtls13 notes that the mechanism for sequence
>     number encryption makes some assumptions on the underlying cipher of the
>     AEAD construction.  One proposal for changing the draft to make different
>     assumptions that are more future-proof may involve setting DTLS-OK to 'N'
>     for these ciphers (https://urldefense.com/v3/__https://github.com/tlswg/dtls13-spec/pull/166/files__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_-zfT79$ ).
>     Regardless, the authors of this draft might do well to provide some
>     indication of the expected sequence number (non-)protection mechanism.
> 
>     -Ben
> 
>     On Thu, Dec 13, 2018 at 03:55:03AM +0000, Salz, Rich wrote:
>     > DLTS-OK is Y
>     > 
>     > On 12/12/18, 6:12 PM, "Sabrina Tanamal via RT" <iana-prot-param@iana.org> wrote:
>     > 
>     >     Hi Rich, all, 
>     >     
>     >     Sorry we have one more question. Can you let us know how to fill in the "DTLS-OK" column in the TLS Cipher Suites registry?
>     >     
>     >     Thanks,
>     >     
>     >     Sabrina Tanamal (filling in for Amanda)
>     >     Senior IANA Services Specialist
>     >     
>     >     On Wed Dec 12 16:51:20 2018, rsalz@akamai.com wrote:
>     >     > To avoid creating new holes, how about right after dragonfly:
>     >     > 0xC0,0xB3       TLS_ECCPWD_WITH_AES_256_CCM_SHA384      Y       N
>     >     > [RFC-harkins-tls-dragonfly-03]
>     >     > 0xC0,0xB4-FF    Unassigned
>     >     > 
>     >     > On 12/11/18, 8:29 PM, "Amanda Baber via RT" <iana-prot-
>     >     > param@iana.org> wrote:
>     >     > 
>     >     > Hi Rich,
>     >     > 
>     >     > Which values should we assign? There are a number of ranges available,
>     >     > and I haven't been able to find any text in RFC 8447 or RFC 8446 that
>     >     > identifies which section is for "Not Recommended" assignments:
>     >     > 
>     >     > https://urldefense.com/v3/__https://www.iana.org/assignments/tls-parameters/tls-__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF5GSbsmF$ 
>     >     > parameters.xhtml#tls-parameters-4
>     >     > 
>     >     > Thanks for your patience,
>     >     > 
>     >     > Amanda Baber
>     >     > Lead IANA Services Specialist
>     >     > 
>     >     > On Tue Dec 11 20:34:22 2018, rsalz@akamai.com wrote:
>     >     > > We discussed this and approve.  Please assign two numbers in the "not
>     >     > > recommended" space.
>     >     > >
>     >     > > Thanks!
>     >     > >
>     >     > > On 12/5/18, 2:54 PM, "Nancy Cam-Winget (ncamwing)"
>     >     > > <ncamwing@cisco.com> wrote:
>     >     > >
>     >     > > > Contact Name:
>     >     > > > Nancy Cam-Winget
>     >     > > >
>     >     > > > Contact Email:
>     >     > > > ncamwing@cisco.com
>     >     > > >
>     >     > > > Type of Assignment:
>     >     > > > "Not Recommended" TLS Cipher suite assignment
>     >     > > >
>     >     > > > Registry:
>     >     > > > TLS 1.3 cipher suite
>     >     > > >
>     >     > > > Description:
>     >     > > > At least two IoT (ODVA and IEC) forums are requesting the need for
>     >     > > > enabling TLS 1.3 with integrity only protection in the data plane.
>     >     > > > Under security considerations, we are not recommending this cipher
>     >     > > > suite to be widely used and note that no privacy is provided when
>     >     > > > this
>     >     > > > cipher suite is used and several use cases have been noted where
>     >     > > > privacy is not required.
>     >     > > >
>     >     > > > Additional Info:
>     >     > > > We have noted the use cases and security (and privacy)
>     >     > > > considerations
>     >     > > > in https://urldefense.com/v3/__https://tools.ietf.org/html/draft-camwinget-tls-ts13-__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF7v813C7$ 
>     >     > > > macciphersuites-01 as well as how the cipher suite would be used
>     >     > > > with
>     >     > > > TLS 1.3
>     >     > >
>     >     > >
>     >     > >
>     >     > > _______________________________________________
>     >     > > tls-reg-review mailing list
>     >     > > tls-reg-review@ietf.org
>     >     > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$ 
>     >     > >
>     >     > >
>     >     > 
>     >     > 
>     >     > 
>     >     
>     >     _______________________________________________
>     >     tls-reg-review mailing list
>     >     tls-reg-review@ietf.org
>     >     https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$ 
>     >     
>     > 
>     > _______________________________________________
>     > tls-reg-review mailing list
>     > tls-reg-review@ietf.org
>     > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$ 
>