Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

Jack Visoky <jmvisoky@ra.rockwell.com> Tue, 21 August 2018 17:53 UTC

From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Ted Lemon <mellon@fugue.com>
CC: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Fries, Steffen" <steffen.fries@siemens.com>, "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 21 Aug 2018 17:53:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iDB5aw2RwncZzK9WIMkd9N5jqRY>

Hi Ted,

A few points:


1. Don’t assume there is any browser involved. There is often no browser.

2. Even if there is a browser (and see point 1 before assuming) any HTTP communication would be at a much much slower rate than machine to machine I/O.

Hope that clears it up.

Thanks and Best Regards,

--Jack

From: Ted Lemon [mailto:mellon@fugue.com]
Sent: Tuesday, August 21, 2018 1:39 PM
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; Fries, Steffen <steffen.fries@siemens.com>; ncamwing=40cisco.com@dmarc.ietf.org; tls@ietf.org
Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

If the device implements the cipher so as to talk to the browser, it's clearly capable of implementing the cipher...

On Tue, Aug 21, 2018 at 1:34 PM, Jack Visoky <jmvisoky@ra.rockwell.com> wrote:
Hi Rich,

I’m not sure if I’m following the question, but what was meant was that these ciphers are generally NOT used for browser access.  Machine to machine communication usually does not involve a browser.  Apologies if I’ve misunderstood the question.

Thanks and Best Regards,

--Jack

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Salz, Rich
Sent: Tuesday, August 21, 2018 1:12 PM
To: Fries, Steffen <steffen.fries@siemens.com>
Cc: ncamwing=40cisco.com@dmarc.ietf.org; tls@ietf.org
Subject: EXTERNAL: Re: [TLS] integrity only ciphersuites



Now I think I am as confused as Stephen and others.

One justification was “small footprint.”  But now you’re saying that for debugging encryption (standard?) ciphers are used for browser access?


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls