Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
Ira McDonald <blueroofmusic@gmail.com> Thu, 11 February 2021 15:45 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50B403A16D3 for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 07:45:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WebSt-fwhKnn for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 07:45:52 -0800 (PST)
Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80B193A16D1 for <tls@ietf.org>; Thu, 11 Feb 2021 07:45:52 -0800 (PST)
Received: by mail-vs1-xe2c.google.com with SMTP id u7so3181412vsp.12 for <tls@ietf.org>; Thu, 11 Feb 2021 07:45:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=C7g+zz0PfSbD3r0HzsrecCvpIiFf9JJcFirBxkIc720=; b=IVulEbK74SSrNFIFVy0DbtetbtCnmJj6uwvPA7V6w7WneO/hcgaEdIggTNEYAeW5S6 bo9qpKdnQZVqWTaO8WId+ZMqANugk+6zBpRGumm4M74LKVjuataTMFZV8FPMdzY2X65M wPNd+i9FPBMs4aaxMo0cAqStOmUKWPcSv61cgkLeHmY4zjmPrgJAVtXjHMG20gchvo0F teRTYncJ579Xd+yryL+QAogad+eB6WxuA8R2zZHvwTriYIb5StZK7l+5Huxf0rgLh8Zl FE68sZq21o/4XzbRMOerMwNUZ/YPak0FmIV5VULdUORCwhMzROmFOQunQtOprNjDkg9T YEQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=C7g+zz0PfSbD3r0HzsrecCvpIiFf9JJcFirBxkIc720=; b=XbCYiWnGQbfJDql+dD+ZxM/9GLRapTdxa5y+qfZiLME92B/atoovp3xnBGIsuNn7TX dnaPLgHE3NkUwd9GGgYFiLOaEtw1W7m+tD+LmblVcNSH3+4Ck9ulwUdGeEdbPZfXHRTF cHjUesSdlIHnm6jEOZ9CljK9ULly4QGZ66A2KNl53pBzzRgq6hY5SR78LyVUHj7K2ghe V+Rb0e5+hzGDFzuUwAceNxnUWAUTwvJFiyfQB6+PJLCvXpadpJ75SHlduB/faqTqpszV AICVDP3bkdjUoKWHfNkySICXc/qmfRvZMm+7sj5fZrNDpHUKW0aR6MC51pfnZkAvL8CK 62uQ==
X-Gm-Message-State: AOAM531W/ygQ4UBba0+4yf7hugM2hLLtgwG22OmppsComLOFndZ8sUud eIKllhh9GfS5L122+YJRoIL2xQIcJxUqJoDlOe4=
X-Google-Smtp-Source: ABdhPJw8DJhG7RK/mTyPIsgVzWVN47d2z31Xh5GAd+/LV/MX4nQ/v4V5YfLAoO8xiGcvVLCIlfGDqSl8ImYk9Il4EvA=
X-Received: by 2002:a67:6a42:: with SMTP id f63mr5535016vsc.55.1613058351625; Thu, 11 Feb 2021 07:45:51 -0800 (PST)
MIME-Version: 1.0
References: <r480Ps-10146i-B7644173C08B43338EC7C1E5C57FE8C4@Williams-MacBook-Pro.local>
In-Reply-To: <r480Ps-10146i-B7644173C08B43338EC7C1E5C57FE8C4@Williams-MacBook-Pro.local>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Thu, 11 Feb 2021 10:45:36 -0500
Message-ID: <CAN40gSvbqm1EgJrjjXzRvyLt7ud6kYQJYkmL1PDcBOGN7muz_g@mail.gmail.com>
To: Bill Frantz <frantz@pwpconsult.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: IETF TLS WG <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000cfb3505bb116a41"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6l-zXurKPSlTFWEEV6iIyziD-Po>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 15:45:54 -0000
Hi, I agree with Bill. Keeping confidentiality in all TLS/1.3 connections is future proofing. Supposedly analyzing and then leaving confidentiality out invites future attacks. Cheers, - Ira On Thu, Feb 11, 2021 at 9:56 AM Bill Frantz <frantz@pwpconsult.com> wrote: > On 2/11/21 at 9:01 PM, rsalz=40akamai.com@dmarc.ietf.org (Salz, > Rich) wrote: > > >>I would just like to recognize that there are some situations where it > isn't needed. > > > >Can you explain why TLS 1.2 isn't good enough for your needs? > > In my experience, there are many attacks that aren't anticipated > by the designers, but are successful. How can anyone know that > you don't need privacy? > > Back in the dark ages, I was working with a protocol which > provided the same basic assurances as TLS does: confidentiality, > authentication, and integrity. It and TlS also provide some > other important assurances, such a one-time, in order delivery, > which we also depended on. When we looked at a similar protocol > which didn't provide confidentiality, we discovered that there > was application level data that needed to be kept secret or the > application's assurances would be violated. > > In all honesty, it's probably cheaper to just provide > confidentiality than it is to do the analysis and protocol > proofs to show you don't need it. > > Cheers - Bill > > -------------------------------------------------------------- > Bill Frantz | There are now so many exceptions to the > 408-348-7900 | Fourth Amendment that it operates only by > www.pwpconsult.com | accident. - William Hugh Murray > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] TLS 1.3 Authentication and Integrity only C… Ben Smyth
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ben Schwartz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Peter Gutmann
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ben Schwartz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Salz, Rich
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Rob Sayre
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Salz, Rich
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Viktor Dukhovni
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Benjamin Kaduk
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Bill Frantz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ira McDonald
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson