Re: [TLS] Support of integrity only cipher suites in TLS 1.3
"Fries, Steffen" <steffen.fries@siemens.com> Thu, 06 April 2017 08:07 UTC
Return-Path: <steffen.fries@siemens.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B64FB129416 for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 01:07:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.918
X-Spam-Level:
X-Spam-Status: No, score=-6.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WhhqCttGjCK for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 01:07:57 -0700 (PDT)
Received: from lizzard.sbs.de (lizzard.sbs.de [194.138.37.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B175F128CB9 for <tls@ietf.org>; Thu, 6 Apr 2017 01:07:55 -0700 (PDT)
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id v3687oYs014816 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 6 Apr 2017 10:07:50 +0200
Received: from DEFTHW99ERIMSX.ww902.siemens.net (defthw99erimsx.ww902.siemens.net [139.22.70.134]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTPS id v3687oD3003398 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 6 Apr 2017 10:07:50 +0200
Received: from DEFTHW99EROMSX.ww902.siemens.net (139.22.70.201) by DEFTHW99ERIMSX.ww902.siemens.net (139.22.70.134) with Microsoft SMTP Server (TLS) id 14.3.339.0; Thu, 6 Apr 2017 10:07:49 +0200
Received: from DENBGAT9EH2MSX.ww902.siemens.net ([169.254.6.223]) by DEFTHW99EROMSX.ww902.siemens.net ([139.22.70.201]) with mapi id 14.03.0339.000; Thu, 6 Apr 2017 10:07:49 +0200
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: Hanno Böck <hanno@hboeck.de>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Support of integrity only cipher suites in TLS 1.3
Thread-Index: AdKsldO7ZRItAwyZRXCzcLu6YsWN5QAtyDcAADhSsSD//+begP/+6nFw
Date: Thu, 06 Apr 2017 08:07:48 +0000
Message-ID: <E6C9F0E527F94F4692731382340B337847FAF5@DENBGAT9EH2MSX.ww902.siemens.net>
References: <E6C9F0E527F94F4692731382340B337847DB9A@DENBGAT9EH2MSX.ww902.siemens.net> <20170404180838.08ca99cc@pc1> <E6C9F0E527F94F4692731382340B337847F4BE@DENBGAT9EH2MSX.ww902.siemens.net> <CABcZeBOgCKEx7a2UjkB0xe4aJuiZ=3ZVMy3KqAnrZZx_0fZUVw@mail.gmail.com>
In-Reply-To: <CABcZeBOgCKEx7a2UjkB0xe4aJuiZ=3ZVMy3KqAnrZZx_0fZUVw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [139.22.70.13]
Content-Type: multipart/alternative; boundary="_000_E6C9F0E527F94F4692731382340B337847FAF5DENBGAT9EH2MSXww9_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2XyJOGy4-8eMJkbZEzNUhTtTo-8>
Subject: Re: [TLS] Support of integrity only cipher suites in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 08:08:00 -0000
You are right, I did not take that option into account. But as you mentioned, it is non-standard and with the desire is to be interoperable as most as possible, proprietary enhancements are likely not to be favored. best regards Steffen From: Eric Rescorla [mailto:ekr@rtfm.com] Sent: Mittwoch, 5. April 2017 19:31 To: Fries, Steffen (CT RDA ITS) Cc: Hanno Böck; tls@ietf.org Subject: Re: [TLS] Support of integrity only cipher suites in TLS 1.3 Without taking a position on null cipher suites, I would observe that the new TLS IANA rules will let you register your own (non-standard, non-recommended) code points for integrity-only suites. -Ekr On Wed, Apr 5, 2017 at 10:14 AM, Fries, Steffen <steffen.fries@siemens.com<mailto:steffen.fries@siemens.com>> wrote: Adding such a mode would add additional complexity that might lead to vulnerabiltiies, e.g. implementations that can be tricked into using a nonencrypted mode. [[stf]] in principle yes, as this simplifies the configuration and policy handling. On the other hand it is a security policy point to allow certain cipher suites. It's been a trend in the tls working group to a) reduce complexity when possible. [[stf]] understood, makes operation less error prone b) not try to accomodate obscure use cases that aren't relevant for the majority of TLS use cases. [[stf]] well, as TLS is used in use cases like energy automation, industrial control, railway automation etc. there is an increasing number of use cases applying TLS and there are some, which would leverage integrity only for allowing for monitoring Thus I assume a null cipher won't find support here. If you want to have traffic inspection with TLS imho the right way is to support that at the end points (let alone any arguments why you're doing traffic inspection in the first place and whether those reasons are good ones). [[stf]] In principle yes, but the endpoints are often limited and may not support this type of functionality. Again, the traffic inspection in automation related communication is done for auditing and monitoring of the control flow. In the example of energy automation, TLS is always used with mutual authentication. So both peers know each other. If you don't like that then TLS may be not the right protocol for your use case. [[stf]] It was possible to now and it is good to rely on a protocol like TLS, which is defined and discussed in this way in the IETF. In the IEC (which is engaged I energy automation communication definition) there is the desire to use standardized security protocols available to avoid the definition of own solutions, whenever possible. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@hboeck.de<mailto:hanno@hboeck.de> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- [TLS] Support of integrity only cipher suites in … Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Harlan Lieberman-Berg
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Hanno Böck
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Salz, Rich
- Re: [TLS] Support of integrity only cipher suites… Eric Rescorla
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Kyle Rose
- Re: [TLS] Support of integrity only cipher suites… Peter Gutmann