IETF Logo Mail Archive

Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

Jack Visoky <jmvisoky@ra.rockwell.com> Thu, 11 February 2021 23:08 UTC

Return-Path: <jmvisoky@ra.rockwell.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 442003A0DED for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 15:08:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ra.rockwell.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iyG7xPInLLe8 for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 15:08:45 -0800 (PST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2060.outbound.protection.outlook.com [40.107.244.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 819BC3A0DEC for <TLS@ietf.org>; Thu, 11 Feb 2021 15:08:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m/cNS3uzkxTR2mT9TPqWb5syofpKtVNGgFt5nqqWEi8U2e9ekWneyGrwVEbDuTKoEd2phE6NxOdMKmD7/aQ5CWSy447wZTM75Kh6vQG16xYlufn4WxY9nb74uG3/qB9rgm+qnog2KRvZqvhSD4TwmscNB8juWjTggnBsoAJRHLb8LwaQel7yZzPlym9c95qe+CtEXludQEwGxAEaWIvkTHIirC42PxIqeIl+JNUABEhgqfIrp12IZYcXM1Ic6jlxsii+tRfRQbHxK9P/tLEu7kTAOT62K2LoLPNI3A3cdaQ6w6e1BNMr8fd7YJcS5ofX8lbNwUv1nk7JmunDdVbQdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4K/q2AM328bNtLs3TC4NBNU0KFr6rdgGslXiubYfxtw=; b=U/kC87fFsEtPum3guTAMWyttToEEiX9Mpf1sD/FWR5RccJTwEcp6I3IcpxLQTWEvADa5u7tOSkIXRtaxGBYh0IaR93V9raFBW6ghTxVxRw5gDkZkMj5LO8IQtXGVgO5u7qdI6CcZ8EUd83Xb9TCsp85zQ1BeQm+2TCTzctC91yWk6QZE90FY1ya/KacgoZKtP5rkeWMxYZv37c+rvJl5mATXXbaYJ9yyeHJKPEWH5vYSVDv9LkXhhUuruEAtOK2n0gUyI7vbPSblz0OeNqEOPY0MZwQ0vdezdjgVGKd7OYaXqPbJmq0OZkdiP8FPXbVKMNxAqBdSnRz/OCLOFnxcaw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ra.rockwell.com; dmarc=pass action=none header.from=ra.rockwell.com; dkim=pass header.d=ra.rockwell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ra.rockwell.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4K/q2AM328bNtLs3TC4NBNU0KFr6rdgGslXiubYfxtw=; b=ITCHaEU8uK4WOzsS8DPhL+6TJZwe9H8wVhJ5Up6vrjNTPt13H05jsSjphab0iVPjZFyB2S+LC5H0cJvucRocwISajLBPFWON8mIYWGUd9qB21pYErCWNtvHD98twt0j6AzODTmI3677jK4JEaFa1wVPnF643R084VuYIX6GkFMg=
Received: from DM5PR2201MB1643.namprd22.prod.outlook.com (2603:10b6:4:34::17) by DM6PR22MB1785.namprd22.prod.outlook.com (2603:10b6:5:257::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25; Thu, 11 Feb 2021 23:08:44 +0000
Received: from DM5PR2201MB1643.namprd22.prod.outlook.com ([fe80::b5:9927:99e6:834b]) by DM5PR2201MB1643.namprd22.prod.outlook.com ([fe80::b5:9927:99e6:834b%5]) with mapi id 15.20.3825.030; Thu, 11 Feb 2021 23:08:44 +0000
From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
Thread-Index: AQHXAF0eKpj0DQqHFUiRZYRt05ITUapTNmQAgAAbzvCAAAuGgIAAKy/w
Date: Thu, 11 Feb 2021 23:08:44 +0000
Message-ID: <DM5PR2201MB16431ECC2B24202905CFF810998C9@DM5PR2201MB1643.namprd22.prod.outlook.com>
References: <D553EA7A-1B49-4A7F-8992-FEEFC4B7C176@ericsson.com> <CABcZeBMvZyuZKoKykR=sXADDP2Pez6yT+FCGg=10++sNj+LC-A@mail.gmail.com> <DM5PR2201MB1643321F09407F251ADC8CFB998C9@DM5PR2201MB1643.namprd22.prod.outlook.com> <CABcZeBPjTKRE52QsZxAm9NWk_4rrNx583njJ4W-TggTm3SXDyQ@mail.gmail.com>
In-Reply-To: <CABcZeBPjTKRE52QsZxAm9NWk_4rrNx583njJ4W-TggTm3SXDyQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-dg-ref: PG1ldGE+PGF0IG5tPSJib2R5Lmh0bWwiIHA9ImM6XHVzZXJzXGptdmlzb2sxXGFwcGRhdGFccm9hbWluZ1wwOWQ4NDliNi0zMmQzLTRhNDAtODVlZS02Yjg0YmEyOWUzNWJcbXNnc1xtc2ctMTRmZmNjZTEtNmNiZS0xMWViLTk2ZTMtNTRiZjY0MmYyMmIwXGFtZS10ZXN0XDE0ZmZjY2UyLTZjYmUtMTFlYi05NmUzLTU0YmY2NDJmMjJiMGJvZHkuaHRtbCIgc3o9IjU0MjIiIHQ9IjEzMjU3NTU4NTIyNzQ4NDgwOCIgaD0iVFA0WW0wWERaOUR6VFpOK2hJU2V6aGtyN2ZFPSIgaWQ9IiIgYmw9IjAiIGJvPSIxIi8+PC9tZXRhPg==
x-dg-rorf: true
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=ra.rockwell.com;
x-originating-ip: [2600:1702:19a0:f0c0:7c22:e8e1:aa1e:8cd1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ab372d35-68ae-4e0e-ad1f-08d8cee1fae1
x-ms-traffictypediagnostic: DM6PR22MB1785:
x-microsoft-antispam-prvs: <DM6PR22MB1785FE619504FEF9B196C61C998C9@DM6PR22MB1785.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KiDFnA35jvbQF9KxeJbxIJ5IdKtPATpDD4yvJD55G3v06Fb9l8rLvf9aY6+AlGXgCnQCcQdPGiyfBJOW1Vt6ZlDuV/IOwRo1pZwJ4+QOYHqPzW0MZY1bHF2/LnITOGRsYj+Pp+2GWlasCfYrxCKl6cglAc7ewDbElg4dCVZXHdFwBfPesuofpcNPcEn4tJLAU/4WrrAjug1Jof0qfGQ0OOp3a4T7ANDlOWZrJnumvG9FR5nvHjEnQ/+RW8FpspnfyiG0k8BF4gRwOj4j5uFPx2HdvZjeyibMbQNTqV4kFKyby288+IYnDlN99R2w7TyrzdXGJsgLZUd4nykO8r111HW12x30WiLUzZi+j1rJZcvVqBzGDcQzKW9nAGTTh08ucRhSa8HVupQOphie/R+th8DqLekwP4lntmuOOAwelIIGsWsT5EhEseGeV5QW85wFVWjVIqcrfKB0e/Xpx/SEVq0vIWlv8uObUzuBC149Hz51KWCrFIO4d7gPauPfVlCJiDWfhTtU1ZPE88NG9NDYUEXY4z3/38jQc7MVkKwuJqWJwR2dA+L+26pZtiam0oOvUGnpncszoPqEv2iBL3T7JGzHppS7VtbPgaEgmZpNoFw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR2201MB1643.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(376002)(366004)(136003)(39860400002)(396003)(4326008)(316002)(33656002)(8936002)(7696005)(478600001)(9326002)(52536014)(5660300002)(9686003)(2906002)(6506007)(66946007)(71200400001)(66556008)(166002)(54906003)(966005)(8676002)(55016002)(64756008)(66476007)(66446008)(186003)(76116006)(6916009)(53546011)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 88cUds+KgY37sFdQ4FVsWmGlTRgRZfQNxBuKvqG5iOWy8oRjHPzeIMSEt99O+fEtb51UXvmvO0MJxrsTFAH1ylBTWA++qpcb2ocEdl6dMKlmWIkUdnmlEyuo0IC7IBe1C3AQtXbXm4J92EntHGRPS9HOmGJLR/TJlgdgAVnm47NfXDU/v25Y6k1kRqBAREBo48BYAxaXEwY8Wsq1TAHekQwleVeGLx/L6tEIq9SS3TEA6bA9L8pfkjncei1OVwji+k/FgJHtAdfp0fXyC2aSe0QoolFaArLT6yoiAHi3AzSLnDgl88tDlOK/ON1AL3pL6rNDJKdPvOV1ENqT5rFz+RTYySPb3e/pY3jgCc0a5y3A8OGXb7PA6xSokuRaB4vel+QgzCN6FuKnwxsCbIYEvgMjvvU0wXS4LcaR/AWKBiCvvPzx/yTvkfX0uf6tx1GyIJ/6+NDo9Ghpy2Ee/eABBbNckSsx2W+5mDOhu66iIxB5CxjXeDYlZX6Q07xJwB40mWQZYDVa0YjsEe7gz8SLawWmN/XVM86emVzyvBXrPyhaJ7DeFQ0rQjYQuiAQJi9W4YoNEebopsgnPqbAg9BMrw4OlablYezzrqWyuoLLcsBihmr8jr+Rv8vDiJK+hhZNB8URic9PTHOW2flIrvRgDd4wfXEHUNrOLMMGl2DwYf6X9cZrVw77g2OZoU1PWeFX4mPBS8smCKxM0dtKuQvguJ/eyTxppR0Cze7C7gtfL+FGQKNbyhlmyV1wqUFIjfRoCK9PvTxhEYUBN8Lgkn8YPHCNnBnUA2Ksvq19mWYrBu12dfw8/da4u9waJpbQJ1jYv4CMEggq6omYqP/tIrrTHF75f9DtIjbqRPMlNumk8Hle4bKe9OZNkXtjgDqqH5tE4irOvM+i7lCKjJ3CjU/vvqQekDPf9iGAafKP2swXpeDHdR4IVfMg/LcRjSHNuWWK6EnvWo3HjtUIDy+RYGXBcawdGQpABCnjPStC/j5CwVnDRbpJrTQdR7XXKyMsjPRWIdUTAitNWn74trG1D7bSCb6nGbGXnYTc+Ba4XJGG2C2q55fMq6j6dP3xSHbVVn40yc6XfRDymueASPYT+QDSY1YjECF7F7XXpOFqJttd4LGwEjMfVGk6o6yk5f3efdf+t1/x1NePsCFwvHPphVncTXqRV650j8QeKdaH4KzCEBjjygRgMQNPXmdWgYHcZPvY5b5fMUydw3nKqNlB4eimqSwLcX18Ew5DFmjcQ9P4T63BArnuSv5fV/go53Bj0z2JvYCPEVNy3phh+Pc4/l8II7Z3Gg3pXTcrYlrhW/DS9ICvK5KcuFjeGn9uqh6fD78MbdvH+8mRaYggJpiK2R6g37ZEL39e3Uz8v8+SQudnnzOD8dBR9Mg4Zn/lWEkBUlv3
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM5PR2201MB16431ECC2B24202905CFF810998C9DM5PR2201MB1643_"
MIME-Version: 1.0
X-OriginatorOrg: ra.rockwell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR2201MB1643.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ab372d35-68ae-4e0e-ad1f-08d8cee1fae1
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2021 23:08:44.4193 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 855b093e-7340-45c7-9f0c-96150415893e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vG0fGDpJC2gXYm3TA0QUf6xxrl4DX53p08zIXEge3PyIRaFk3GW5kVC5tbcgnnFaB6CN7V0oE4ipYFsPaDIHZ7+AXQnHdVFlLrjVywf/B4Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR22MB1785
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kiglcshxLKMqY-YwjsDolzXIUEg>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 23:08:49 -0000

Hi Eric,

I don’t have numbers offhand but I will say that many platforms I have experience with have some sort of HW support, and might include things like DMA. In these cases ChaCha20-Poly1305 is way behind in terms of performance (which is expected as I believe it was mainly targeted to software-only implementations).

I’ll anticipate that someone might ask if GCM is not better that SHA-256 with hardware support, and of course I will have to say it depends on the platform. For some cases it will be, and others it will not. Here is a link to some performance numbers which show SHA-256 is faster than GCM https://www.ti.com/lit/an/swra667/swra667.pdf?ts=1613069390182. In other cases GCM may not be supported on a platform but SHA256 is, of course that’s kind of a strawman but it could occur.

Note I am not endorsing this platform or affiliated with it in any way, just want to give an example. And it really is just an example, sorry to repeat again but I just want to drive home the point that YMMV on things like this.

Thanks,

--Jack


From: Eric Rescorla <ekr@rtfm.com>
Sent: Thursday, February 11, 2021 2:51 PM
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>; TLS@ietf.org
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites



On Thu, Feb 11, 2021 at 11:13 AM Jack Visoky <jmvisoky@ra.rockwell.com<mailto:jmvisoky@ra.rockwell.com>> wrote:
Hi John, Eric,

Thanks for the input. We will certainly make some changes to the draft regarding the inspection case. However, I can’t support removing the performance/latency information completely, as I have heard from those who have this very concern. That said, we will edit the language to make it clear that this is not true in all cases.

Well, the draft just claims that there are latency concerns, but doesn't present details. If you want to make this case, it would be helpful to present performance numbers that show that these ciphersuites are substantially faster than the alternative algorithms (in particular ChaCha20/Poly1305) which is quite fast on many low end platforms.

-Ekr

v2.23.0 | Report a Bug | By Email