IETF Logo Mail Archive

Re: [Tls-reg-review] EXTERNAL: Re: [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3

Jack Visoky <jmvisoky@ra.rockwell.com> Thu, 10 December 2020 22:28 UTC

Return-Path: <jmvisoky@ra.rockwell.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 256F43A12F7 for <tls-reg-review@ietfa.amsl.com>; Thu, 10 Dec 2020 14:28:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ra.rockwell.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7X9_QOLJdwQo for <tls-reg-review@ietfa.amsl.com>; Thu, 10 Dec 2020 14:28:52 -0800 (PST)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-eopbgr760081.outbound.protection.outlook.com [40.107.76.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0783A12F6 for <tls-reg-review@ietf.org>; Thu, 10 Dec 2020 14:28:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iPFI2MFrEAs8502cJCDYGMkd646Ozym689DuRUfqLZE4q9S1JrrN8/FE6oENunZV7jO4xD/1D0Ei2rJI5BbBVGmzUPUAKkHma+lcanduJ0rgqGXxitYdj54jhRWGKWStCv50So6VqsYft+PeRUBw5jREk3g7DsehcQY+50321UCHZ0rtxggzSxMLuORyZSbQNhYlpo3clZsVdePuJ1cjZaG07Rj6dSq+0ofgDhK0tufGPOvxEFzibprNO9vCbqRRCO91m1plP3wHNKDNj64M6cn/wCQdQFrbxZ3PeywnB684vHW4BcwBfQyewdM+fpa13JyCpWyyDzevgU6Hv4v0Hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L7IjK8bPS3E7AtIC105sdXTwyD2hAxiHmfTxWFDOkag=; b=fQ4a2dmyRiNtA6a6Lh/DpXgKSNsTyhEY8I5sbdIP1rztmo6crMnoVgSvMp+6VulN7X312Z7Fo+R9bS9gx71iuVRctF6IysBsGibzYDY8pzUAC2t1cJGJxXu40h8tDCAE+aRVz1qd0geiOMmp/wXgtX9muiKcjNm69CEuvojiwuEYR0C037YcXTk3Lipw7SzOA0W1ZbwJMhGMgGBndzGVsiZITmXPut1DYxO4XL+GTqrw+ZQhJWupuP7DVLvphca7oZTLRiTYXUHImts7mRvmh6G5v2XBx5zIIfLb8fqB0+FecGlR+jCsWnNIH123pwchy2f7i1Q6umKO4LPG78LYRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ra.rockwell.com; dmarc=pass action=none header.from=ra.rockwell.com; dkim=pass header.d=ra.rockwell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ra.rockwell.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L7IjK8bPS3E7AtIC105sdXTwyD2hAxiHmfTxWFDOkag=; b=SVKWWT7fqMy931tzm3qoRIwLOgExSxuHwxKfg/hpg06265NrBlnxxXBDXBMEfZZOgaawZ039tNANby1NL+c744a6ByJmwGCBunc8BsNuIvN9Y1FouhVT5geSkdW8U96i7Y08Q90bzZhCVlXu6uRHpXAKLL7efjENmS79C0joPRI=
Received: from DM5PR2201MB1643.namprd22.prod.outlook.com (2603:10b6:4:34::17) by DM5PR2201MB1354.namprd22.prod.outlook.com (2603:10b6:4:17::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.21; Thu, 10 Dec 2020 22:28:51 +0000
Received: from DM5PR2201MB1643.namprd22.prod.outlook.com ([fe80::7898:4f49:aaaf:f9e2]) by DM5PR2201MB1643.namprd22.prod.outlook.com ([fe80::7898:4f49:aaaf:f9e2%6]) with mapi id 15.20.3632.023; Thu, 10 Dec 2020 22:28:51 +0000
From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "Salz, Rich" <rsalz@akamai.com>
CC: "iana-prot-param@iana.org" <iana-prot-param@iana.org>, "ncamwing@cisco.com" <ncamwing@cisco.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Thread-Topic: EXTERNAL: Re: [Tls-reg-review] [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3
Thread-Index: AQHWzo29p5bPLI7aj0m/vlRCxCHwVqnvoliAgAAAsICAAUTnoA==
Date: Thu, 10 Dec 2020 22:28:51 +0000
Message-ID: <DM5PR2201MB16432264A0EDF46FFCF2034B99CB0@DM5PR2201MB1643.namprd22.prod.outlook.com>
References: <RT-Ticket-1132414@icann.org> <CFEF8F6B-9136-4B4C-B6DE-0E635786A240@akamai.com> <rt-4.4.3-21493-1544578196-1273.1132414-37-0@icann.org> <B8FCF390-4B0A-46BC-B3AB-E92A7C7D4FCF@akamai.com> <rt-4.4.3-23334-1544633480-1124.1132414-37-0@icann.org> <rt-4.4.3-4154-1544656355-1253.1132414-37-0@icann.org> <6D19FB88-FBA8-4F50-A004-067AE6218344@akamai.com> <20201210004439.GB64351@kduck.mit.edu> <96E22077-B954-4C3C-82AC-E311594D71A3@akamai.com> <20201210025635.GD64351@kduck.mit.edu>
In-Reply-To: <20201210025635.GD64351@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-dg-ref: PG1ldGE+PGF0IG5tPSJib2R5LnR4dCIgcD0iYzpcdXNlcnNcam12aXNvazFcYXBwZGF0YVxyb2FtaW5nXDA5ZDg0OWI2LTMyZDMtNGE0MC04NWVlLTZiODRiYTI5ZTM1Ylxtc2dzXG1zZy0xMmUwNGNmNi0zYjM3LTExZWItOTZkOS01NGJmNjQyZjIyYjBcYW1lLXRlc3RcMTJlMDRjZjctM2IzNy0xMWViLTk2ZDktNTRiZjY0MmYyMmIwYm9keS50eHQiIHN6PSI3MjI2IiB0PSIxMzI1MjExMjkzMDEzMTA2MjUiIGg9IklVN282TjNvSUtrNk0zUDU4SnFJZlZLZk84ST0iIGlkPSIiIGJsPSIwIiBibz0iMSIvPjwvbWV0YT4=
x-dg-rorf: true
authentication-results: mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=none action=none header.from=ra.rockwell.com;
x-originating-ip: [2600:1702:19a0:f0c0:69c7:e35c:54b4:5efe]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 007259db-1ba3-4f58-9132-08d89d5af882
x-ms-traffictypediagnostic: DM5PR2201MB1354:
x-microsoft-antispam-prvs: <DM5PR2201MB13544EA77EDC255F0D37B88299CB0@DM5PR2201MB1354.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: xTPVrxD8l9XzG9rdXKlETuaEZ+MLNh7UgmHyLeuK1W1YKIhFnQsfFUWBQ1HsVwDNNepYEnkzg9sY5Ay/flv9k0FqMMciZlepygmOAuNO8AHa6h9roWjB+Csw2KaHGAlmzq788RIJ0BcgMoqNuzvaAWHGkgoEg3ZaPEvvw+aMLTPY5034q0pCEuXryR+P9imCNxnry7AwKqj+eTCfV6MabbEBQqZH9sMqNNgCEyxGBpuCdsfA4we4H6GNvs6sqJyKacNkuXdBGf4nAw4Rsfz9T2IAXnZ25aJOxdnLuKBxuYV5JdyW/du4wsRFYSSnQNnvX6W6/wLcVTkH85uDH+8dfJSL+6ZfhM0EspFDbxRsaxzt0Y0B1NoFF27AACWA0JekVsKe/ctww5Znm7MQKeUrcw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR2201MB1643.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(136003)(376002)(9686003)(5660300002)(66446008)(53546011)(66946007)(71200400001)(186003)(66476007)(4326008)(64756008)(76116006)(55016002)(66556008)(2906002)(54906003)(508600001)(86362001)(83380400001)(6506007)(33656002)(8936002)(966005)(7696005)(52536014)(8676002)(110136005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: V/AtRekv7Xg+SaXKr7x+EK2CRIm7nmkUn5dMZ/0PvCNLCFipsmKvfSRcXvBdPLCs837DO4XxAFrYrBjAYPstKyo+sV5IZZPbyIxHGs8W3g0CdDNWxs6pDw9W6FzP1JZLdzklzQMMFgQZvENARkSE4JKwV15GJ0PAxOFtHg/oZ5CwIEe4N1IoMsASfxL5BmEnezom7OWrySx1y8EZ3k7Zrb84W6Iy4UhpkRAXff9esahslsmAQrmF+9q160v9+W91dXE34kgTmeFmLWOlQniK1uHHN05ErH0jVNh031HdZTzYEEKmLGsVdUkm35H13+X6w57NH4y6sYrpDFWQ+8qPtysWV0PEch8gMXphvSM8YnrMckIzbpo+y6oRQWEInZMIrCBFHK3umfJEAhxIfswDany6auQJhhR7ltEh5x+mAImFakcpf73kRsHn4sM93QC0fPpB16uLtYBy+nC65NUugVuAqsCtQEA4JeD2K1FlVLvNjAehXbhw8W2SHp0vrLn57gLBUPSj8xp4R7QHOhJkRc9g45IX4ogBa/evEhod0Z5605oOLikezvIS2Ol5jFjbZFSuy5AIAFXz/phOGVKLyLz8K25NvMQt1bn6eeO3DdKhN+6WOVL6PQFZ9ZO+UQIXkr2JoJs74/R0HT9ZilubYiIEu0yu7MylsrxwMTFLcEO+AA2ZYII6h3QDdB5cq7yR0V6vj4p3ICcf4g1PX7FBI1adVbL0loO8AyNM/AZ+iwr0cOotR5p2sZVToYhQivnVwAE99xlBI8vQ5ZcJvCbGq0+vCVjfMqM288GNYMBAKteZwGAiJWEv4HUnnpgVHN1mb1623iAjB6xbWfR3Zys7E24ASrUFNK+F6ANt6v7GvmO6FZ1CIbNUG/pkFkbJAlwFGFgSgmZn1/WHz+kVhRJqmyf7bmhBTScMk0vBD5eS1vPUIvbVyhOyAHErInOOJ6RcGSnMZLTw0uXiRxJHc8elRCR/kJGjj5E0Fn5j0x59V3aWoKmo1LbQWzgYGm8F7ohRnAWXESadku7IrY/merJy8/ii5gEFSt0tXCYcW3UtGkbmFlTuC/5yP/Sz698eiu6Y
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ra.rockwell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR2201MB1643.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 007259db-1ba3-4f58-9132-08d89d5af882
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Dec 2020 22:28:51.4499 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 855b093e-7340-45c7-9f0c-96150415893e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rJscRZREfyTM2Ft2ydGBSlkcTDNbeIA4OVAMRcNAzI8COb9p4uafL7y4E4HV9NZrrzErAwCPQSI07nRYPcbZhiDaOTjLRwnpTANbclvzs4Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2201MB1354
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/AX82FodlamHxqsgz-gnncdvQrWI>
Subject: Re: [Tls-reg-review] EXTERNAL: Re: [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 22:28:55 -0000

Hi,

This is a good question, thanks for raising it! Of course our intention is to allow for these ciphers to be used with DTLS, as I know of at least two use cases that are planned for these cipher suites with DTLS 1.3. 

For DTLS we'd expect that the sequence numbers would not use encryption. The DTLS 1.3 draft section 4.2.3 (Sequence Number Encryption) starts off with "In DTLS 1.3, when records are encrypted, record sequence numbers are also encrypted". I think we can use the reasoning that the record is not encrypted for these cipher suites so the sequence numbers are also not encrypted.

All that said, we should make this explicit in our RFC draft (https://datatracker.ietf.org/doc/draft-camwinget-tls-ts13-macciphersuites/). The draft already has some text on how to construct the DTLS plaintext, but it makes sense to explicitly state that there is no encryption applied to the sequence number. Does that sound reasonable?

Thanks,

--Jack 


-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu> 
Sent: Wednesday, December 9, 2020 9:57 PM
To: Salz, Rich <rsalz@akamai.com>
Cc: iana-prot-param@iana.org; ncamwing@cisco.com; tls-reg-review@ietf.org; Jack Visoky <jmvisoky@ra.rockwell.com>
Subject: EXTERNAL: Re: [Tls-reg-review] [IANA #1132414] Re: Request to register TLS integrity only cipher suites for TLS 1.3

[Use caution with links & attachments]



Sorry, "these ciphers" was intended to mean TLS_SHA256_SHA256 and TLS_SHA384_SHA384.

-Ben

On Thu, Dec 10, 2020 at 02:54:07AM +0000, Salz, Rich wrote:
> Not sure what "these ciphers" means, but in retrospect it was ambiguous to say DTLS-OK because that doesn't have version info and DTLS 1.3 was still a draft.
>
> On 12/9/20, 7:44 PM, "Benjamin Kaduk" <kaduk@mit.edu> wrote:
>
>     Digging up this old thread since we may have to revisit the DTLS-OK
>     value...
>     My AD review of draft-ietf-tls-dtls13 notes that the mechanism for sequence
>     number encryption makes some assumptions on the underlying cipher of the
>     AEAD construction.  One proposal for changing the draft to make different
>     assumptions that are more future-proof may involve setting DTLS-OK to 'N'
>     for these ciphers (https://urldefense.com/v3/__https://github.com/tlswg/dtls13-spec/pull/166/files__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_-zfT79$ ).
>     Regardless, the authors of this draft might do well to provide some
>     indication of the expected sequence number (non-)protection mechanism.
>
>     -Ben
>
>     On Thu, Dec 13, 2018 at 03:55:03AM +0000, Salz, Rich wrote:
>     > DLTS-OK is Y
>     >
>     > On 12/12/18, 6:12 PM, "Sabrina Tanamal via RT" <iana-prot-param@iana.org> wrote:
>     >
>     >     Hi Rich, all,
>     >
>     >     Sorry we have one more question. Can you let us know how to fill in the "DTLS-OK" column in the TLS Cipher Suites registry?
>     >
>     >     Thanks,
>     >
>     >     Sabrina Tanamal (filling in for Amanda)
>     >     Senior IANA Services Specialist
>     >
>     >     On Wed Dec 12 16:51:20 2018, rsalz@akamai.com wrote:
>     >     > To avoid creating new holes, how about right after dragonfly:
>     >     > 0xC0,0xB3       TLS_ECCPWD_WITH_AES_256_CCM_SHA384      Y       N
>     >     > [RFC-harkins-tls-dragonfly-03]
>     >     > 0xC0,0xB4-FF    Unassigned
>     >     >
>     >     > On 12/11/18, 8:29 PM, "Amanda Baber via RT" <iana-prot-
>     >     > param@iana.org> wrote:
>     >     >
>     >     > Hi Rich,
>     >     >
>     >     > Which values should we assign? There are a number of ranges available,
>     >     > and I haven't been able to find any text in RFC 8447 or RFC 8446 that
>     >     > identifies which section is for "Not Recommended" assignments:
>     >     >
>     >     > https://urldefense.com/v3/__https://www.iana.org/assignments/tls-parameters/tls-__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF5GSbsmF$
>     >     > parameters.xhtml#tls-parameters-4
>     >     >
>     >     > Thanks for your patience,
>     >     >
>     >     > Amanda Baber
>     >     > Lead IANA Services Specialist
>     >     >
>     >     > On Tue Dec 11 20:34:22 2018, rsalz@akamai.com wrote:
>     >     > > We discussed this and approve.  Please assign two numbers in the "not
>     >     > > recommended" space.
>     >     > >
>     >     > > Thanks!
>     >     > >
>     >     > > On 12/5/18, 2:54 PM, "Nancy Cam-Winget (ncamwing)"
>     >     > > <ncamwing@cisco.com> wrote:
>     >     > >
>     >     > > > Contact Name:
>     >     > > > Nancy Cam-Winget
>     >     > > >
>     >     > > > Contact Email:
>     >     > > > ncamwing@cisco.com
>     >     > > >
>     >     > > > Type of Assignment:
>     >     > > > "Not Recommended" TLS Cipher suite assignment
>     >     > > >
>     >     > > > Registry:
>     >     > > > TLS 1.3 cipher suite
>     >     > > >
>     >     > > > Description:
>     >     > > > At least two IoT (ODVA and IEC) forums are requesting the need for
>     >     > > > enabling TLS 1.3 with integrity only protection in the data plane.
>     >     > > > Under security considerations, we are not recommending this cipher
>     >     > > > suite to be widely used and note that no privacy is provided when
>     >     > > > this
>     >     > > > cipher suite is used and several use cases have been noted where
>     >     > > > privacy is not required.
>     >     > > >
>     >     > > > Additional Info:
>     >     > > > We have noted the use cases and security (and privacy)
>     >     > > > considerations
>     >     > > > in https://urldefense.com/v3/__https://tools.ietf.org/html/draft-camwinget-tls-ts13-__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF7v813C7$
>     >     > > > macciphersuites-01 as well as how the cipher suite would be used
>     >     > > > with
>     >     > > > TLS 1.3
>     >     > >
>     >     > >
>     >     > >
>     >     > > _______________________________________________
>     >     > > tls-reg-review mailing list
>     >     > > tls-reg-review@ietf.org
>     >     > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$
>     >     > >
>     >     > >
>     >     >
>     >     >
>     >     >
>     >
>     >     _______________________________________________
>     >     tls-reg-review mailing list
>     >     tls-reg-review@ietf.org
>     >     https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$
>     >
>     >
>     > _______________________________________________
>     > tls-reg-review mailing list
>     > tls-reg-review@ietf.org
>     > 
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!Cgmij5Wt0oMzNbDoeK1U8AEo73neLzwjrH9H6QeltjN1eUHWkywBF_vbCWlv$
>

v2.23.0 | Report a Bug | By Email