Re: [TLS] integrity only ciphersuites
"Salz, Rich" <rsalz@akamai.com> Tue, 21 August 2018 15:52 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E973F130F14 for <tls@ietfa.amsl.com>; Tue, 21 Aug 2018 08:52:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zLxAz2lIjZn4 for <tls@ietfa.amsl.com>; Tue, 21 Aug 2018 08:52:53 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21997130F07 for <tls@ietf.org>; Tue, 21 Aug 2018 08:52:53 -0700 (PDT)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7LFpbKF006001; Tue, 21 Aug 2018 16:52:40 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=9GTQIBYWIRQIt1FHaIj5gQwE75M2tKWDy7QT5OHH+Xo=; b=nfT9gRsXgziaFoKA+aTHvz8Oh46cip6TJHy7ACW8QyLdLxxD8YTpKzKD5Yiu84Gviby8 nhJYpRQv2WKNrOW8R1XdGsdQ9yFR3AFE4fR3bz8ckIUb0G/UVChAKiJS3gusfJOJp6Xk x55L7FRHXvIOHhL+4UNxQjR5XpU/N5hawVpiIKirhhZKiskkth7Ir015/gimiT7hXQnj tQ7DEPcY23z+TfZLWz3MLJyfiuw2rF9TQHX535sqLwH0j3e0I/WPrj6g/BRXCEvEU0qA mVUYtD08MKCu0/n4gxLe3zWkvOmHJHpBtEkJGuqP3ZNG/jxF2E75GVMAtycXbIyl8V4i dw==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by mx0a-00190b01.pphosted.com with ESMTP id 2kxbgfgf7w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Aug 2018 16:52:40 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w7LFnkow006774; Tue, 21 Aug 2018 11:52:39 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint2.akamai.com with ESMTP id 2kxesuf0dn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 21 Aug 2018 11:52:39 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Tue, 21 Aug 2018 11:52:38 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1365.000; Tue, 21 Aug 2018 11:52:38 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: "Fries, Steffen" <steffen.fries@siemens.com>, Andreas Walz <andreas.walz@hs-offenburg.de>, "tls@ietf.org" <tls@ietf.org>
CC: "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>
Thread-Topic: [TLS] integrity only ciphersuites
Thread-Index: AQHUOMcWIQ0ztQCz9UKccOekmBKud6TKWVQAgAAIAoCAABIwgIAABf+AgAAjtwD//78uAA==
Date: Tue, 21 Aug 2018 15:52:38 +0000
Message-ID: <A51CF46A-8C5F-4013-A4CE-EB90A9EE94CA@akamai.com>
References: <E29465D4-E4C5-466F-9E3F-240E258DC7C2@cisco.com> <64d23891-2f32-9bb8-1ec8-f4fad13cdfb9@cs.tcd.ie> <982363FD-A839-4175-BA53-7CA242F9ADA6@ll.mit.edu> <2D7F2926-6376-4B2C-BDE9-7A6F1C0FA748@gmail.com> <5B7C1571020000AC0015C330@gwia2.rz.hs-offenburg.de> <E6C9F0E527F94F4692731382340B337804AEFA24@DENBGAT9EH2MSX.ww902.siemens.net>
In-Reply-To: <E6C9F0E527F94F4692731382340B337804AEFA24@DENBGAT9EH2MSX.ww902.siemens.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.0.180812
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.35.74]
Content-Type: multipart/alternative; boundary="_000_A51CF46A8C5F4013A4CEEB90A9EE94CAakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-21_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=708 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808210165
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-21_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=690 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808210165
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CIiVi_iPHXgPIPVfgsMFkRgOfvI>
Subject: Re: [TLS] integrity only ciphersuites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2018 15:52:54 -0000
* If there would be support for integrity ciphers in TLS 1.3 it would enable the straight forward switch from TLS 1.2 also in these environments by keeping existing monitoring options. Why do you want to move to TLS 1.3? Why isn’t your existing solution good enough?
- [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Mike Bishop
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Judson Wilson
- Re: [TLS] integrity only ciphersuites Geoffrey Keating
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Lyndon Nerenberg
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] integrity only ciphersuites Kathleen Moriarty
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] integrity only ciphersuites Andreas Walz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Richard Barnes
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Ted Lemon
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Stephen Farrell
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? Viktor Dukhovni
- Re: [TLS] null auth ciphers for TLS 1.3? Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? David Benjamin
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Martin Thomson
- Re: [TLS] null auth ciphers for TLS 1.3? Peter Gutmann
- Re: [TLS] integrity only ciphersuites Peter Gutmann
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni
- Re: [TLS] raw public keys in the wild? Peter Gutmann
- Re: [TLS] null auth ciphers for TLS 1.3? Wang Haiguang
- Re: [TLS] null auth ciphers for TLS 1.3? Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] raw public keys in the wild? Richard Barnes
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni