Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC
Hanno Böck <hanno@hboeck.de> Wed, 27 February 2019 09:31 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B97C5130E6E for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 01:31:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id stDFxYXBILF9 for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 01:31:27 -0800 (PST)
Received: from zucker2.schokokeks.org (zucker2.schokokeks.org [178.63.68.90]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E946C130E8C for <tls@ietf.org>; Wed, 27 Feb 2019 01:31:26 -0800 (PST)
Received: from computer ([2a02:8109:83c0:4bfd:dc27:39b2:705d:72e7]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1.3, 256bits, TLS_AES_256_GCM_SHA384) by zucker.schokokeks.org with ESMTPSA id 000000000000005F.000000005C7658EC.0000276B; Wed, 27 Feb 2019 10:31:24 +0100
Date: Wed, 27 Feb 2019 10:31:23 +0100
From: Hanno Böck <hanno@hboeck.de>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20190227103123.3b2af774@computer>
In-Reply-To: <BN6PR2201MB1092253ADEAB76CD72B8976D997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
References: <BN6PR2201MB1092B0FAD8AB0334CF151996997B0@BN6PR2201MB1092.namprd22.prod.outlook.com> <20190226220335.0d75968f@computer> <BN6PR2201MB1092253ADEAB76CD72B8976D997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9EU_QzzPJ_CW8v0L-Bh_9K-vvLI>
Subject: Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 09:31:30 -0000
Hi, On Tue, 26 Feb 2019 21:26:45 +0000 Jack Visoky <jmvisoky@ra.rockwell.com> wrote: > We have done tests on this and it there is a difference. Have these tests in any way been published? Because otherwise it's a very weak argument. There are some obvious questions, e.g.: * What algorithm implementation was tested, was it optimized for the architecture in question and was it considered whether the optimization could be improved or maybe even whether already a more optimized implementation exists? * Have you tried both AES and chacha20? And in both cases the most optimized implementation for the target plattform? * If the bottleneck is the cipher have you considered whether a different cipher that provides reasonable security, but can be implemented better on lightweight hardware, would be an alternative? (Not keen having that option, I believe fewer options are better.) > This probably goes without > saying but of course the best line of defense is to properly design, > build, and configure the implementation. I'm inclined to say that this is an outdated view of how to best do security in protocols. We had plenty of situations in the past where the TLS spec was a minefield of possible implementation mistakes that led to long descriptions on how to properly design things to avoid these mistakes. History shows it didn't work. (Let me just throw in "Padding Oracles" or "Bleichenbacher attacks" as very obvious examples.) My takeaway and I believe that of many people is that the protocol should avoid implementation pitfalls whereever possible. And I believe an authentication-only ciphersuite is a dangerous implementation pitfall. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
- Re: [TLS] Authentication Only Ciphersuites RFC Hanno Böck
- [TLS] Authentication Only Ciphersuites RFC Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Stephen Farrell
- Re: [TLS] Authentication Only Ciphersuites RFC Eric Rescorla
- Re: [TLS] Authentication Only Ciphersuites RFC David Wong
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Hanno Böck
- Re: [TLS] Authentication Only Ciphersuites RFC Tony Putman
- Re: [TLS] Authentication Only Ciphersuites RFC John Mattsson
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Eric Rescorla
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Salz, Rich
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Stephen Farrell
- Re: [TLS] Authentication Only Ciphersuites RFC John Mattsson
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… John Mattsson
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Stephen Farrell
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky
- Re: [TLS] Authentication Only Ciphersuites RFC Sean Turner
- Re: [TLS] Authentication Only Ciphersuites RFC Salz, Rich
- Re: [TLS] EXTERNAL: Re: Authentication Only Ciphe… Jack Visoky