Re: [TLS] Support of integrity only cipher suites in TLS 1.3
Harlan Lieberman-Berg <hlieberman@setec.io> Tue, 04 April 2017 05:09 UTC
Return-Path: <hlieberman@setec.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 681A7126B6D for <tls@ietfa.amsl.com>; Mon, 3 Apr 2017 22:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=setec.io header.b=AkCj/bVk; dkim=pass (1024-bit key) header.d=setec.io header.b=AkCj/bVk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ov637Y81I4g0 for <tls@ietfa.amsl.com>; Mon, 3 Apr 2017 22:09:51 -0700 (PDT)
Received: from xmenrevolution.com (xmenrevolution.com [97.107.134.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99042126DCA for <tls@ietf.org>; Mon, 3 Apr 2017 22:09:50 -0700 (PDT)
Received: by xmenrevolution.com (Postfix, from userid 113) id 8147216A2C; Tue, 4 Apr 2017 01:09:49 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=setec.io; s=mail; t=1491282589; bh=QUdq4XqsGgDSO+6kJ74Y0+vuYCT624FyN58SQyQzPAo=; h=From:To:Subject:In-Reply-To:References:Date:From; b=AkCj/bVk1/bsIS03rv/Acj/rtsvQq95SRwSxGRcEUGKrL+DMkDlPUr2Hz2bqGb7K4 68VfKTwWcZVPHfkKOVSbnrl0s6I+Aafyelhlr37vVDzdITtCE6C6sg1g+Qa7L3VkqZ kTUvMfHNs+QFmvWXDJTTysz/y16OAZgty+mQFFSs=
Received: from agartha (unknown [216.15.121.176]) by xmenrevolution.com (Postfix) with ESMTPSA id E98D016A13; Tue, 4 Apr 2017 01:09:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=setec.io; s=mail; t=1491282589; bh=QUdq4XqsGgDSO+6kJ74Y0+vuYCT624FyN58SQyQzPAo=; h=From:To:Subject:In-Reply-To:References:Date:From; b=AkCj/bVk1/bsIS03rv/Acj/rtsvQq95SRwSxGRcEUGKrL+DMkDlPUr2Hz2bqGb7K4 68VfKTwWcZVPHfkKOVSbnrl0s6I+Aafyelhlr37vVDzdITtCE6C6sg1g+Qa7L3VkqZ kTUvMfHNs+QFmvWXDJTTysz/y16OAZgty+mQFFSs=
From: Harlan Lieberman-Berg <hlieberman@setec.io>
To: "Fries, Steffen" <steffen.fries@siemens.com>, TLS WG <tls@ietf.org>
In-Reply-To: <E6C9F0E527F94F4692731382340B337847DB9A@DENBGAT9EH2MSX.ww902.siemens.net>
References: <E6C9F0E527F94F4692731382340B337847DB9A@DENBGAT9EH2MSX.ww902.siemens.net>
Date: Tue, 04 Apr 2017 01:09:48 -0400
Message-ID: <87inmkrc6b.fsf@setec.io>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0oHqp7GBwDqIdCT15Cmhq5VX0iw>
Subject: Re: [TLS] Support of integrity only cipher suites in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Apr 2017 05:09:53 -0000
"Fries, Steffen" <steffen.fries@siemens.com> writes: > The reason I'm asking is that in industrial communication it is often > sufficient to have source authentication and message integrity while > probes on the network are still able to monitor the traffic for > certain properties or verify allowed exchanges. Hello Steffen, We've had a couple of discussions about this on the mailing list before. (See especially the "Industry Concerns about TLS 1.3" email thread starting with DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com). At this point, I don't think there's much of an appetite to be adding support for null-encryption cipher suites into TLS 1.3. In a quick summary of the 100+ message thread, the impression I got from the conversation was that the WG feels there's too much foot-gun potential from null cipher suites and that the risk was too high and the concerns brought up too late. Sincerely, -- Harlan Lieberman-Berg ~hlieberman
- [TLS] Support of integrity only cipher suites in … Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Harlan Lieberman-Berg
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Hanno Böck
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Salz, Rich
- Re: [TLS] Support of integrity only cipher suites… Eric Rescorla
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Kyle Rose
- Re: [TLS] Support of integrity only cipher suites… Peter Gutmann