Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

Ben Schwartz <bemasc@google.com> Tue, 09 February 2021 15:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CwLfwGy1sZawQ5Xf6cG5yjrjEXw>

Hardware support for AES but not SHA2 is extremely common.  For devices
without acceleration, ChaCha20-Poly1305 is likely to be faster than SHA256
(e.g. according to https://www.bearssl.org/speed.html).

Unless your device has hardware offload for SHA256 but _not_ for AES (a
rare combination), you can likely do AEAD faster than these integrity-only
ciphersuites.  The draft implies that performance ("latency", "processing
power") is a motivation for using these ciphers.  (It also mentions
"runtime memory footprint" and "the need to minimize the number of
cryptographic algorithms used", which are separate considerations.)

On Mon, Feb 8, 2021 at 7:41 PM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> writes:
>
> >If you are updating the text, I would recommend removing the claim about
> >performance.  In general, the ciphersuites specified in the text are likely
> >to be slower than popular AEAD ciphersuites like AES-GCM.
>
> Uhh... when is AES-GCM faster than SHA2, except on systems with hardware
> support for AES-GCM and no hardware support for SHA2?
>
> Peter.
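A way to measure the comparison argued in this message on a given device, as an added example that is not part of the original email: it assumes the integrity-only suites protect records with HMAC-SHA256, and it leaves out ChaCha20-Poly1305 because that is not in Go's standard library. The function names, the 16 KiB record size and the all-zero keys are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

const recordSize = 16384 // constructed input: one full-size TLS record payload

// newMAC returns an integrity-only protector: HMAC-SHA256 tag, no encryption.
func newMAC(key []byte) func([]byte) []byte {
	m := hmac.New(sha256.New, key)
	return func(rec []byte) []byte {
		m.Reset()
		m.Write(rec)
		return m.Sum(nil)
	}
}

// newGCM returns an AEAD protector: AES-128-GCM with a per-record counter nonce.
func newGCM(key [16]byte) func([]byte) []byte {
	block, _ := aes.NewCipher(key[:]) // a 16-byte key is always accepted
	aead, _ := cipher.NewGCM(block)   // AES has the 128-bit block GCM requires
	nonce, seq := make([]byte, aead.NonceSize()), uint64(0)
	return func(rec []byte) []byte {
		binary.BigEndian.PutUint64(nonce[4:], seq) // fresh nonce for every record
		seq++
		return aead.Seal(nil, nonce, rec, nil)
	}
}

// throughput protects n records and returns the rate in MiB/s.
func throughput(n int, protect func([]byte) []byte) float64 {
	rec := make([]byte, recordSize)
	start := time.Now()
	for i := 0; i < n; i++ {
		protect(rec)
	}
	return float64(n) * recordSize / (1 << 20) / time.Since(start).Seconds()
}

func main() { // all-zero keys are constructed benchmark input
	mac, gcm := throughput(4000, newMAC(make([]byte, 32))), throughput(4000, newGCM([16]byte{}))
	fmt.Printf("HMAC-SHA256: %.0f MiB/s\nAES-128-GCM: %.0f MiB/s\n", mac, gcm)
}
```

The two figures depend on whether the CPU running the program has AES and SHA instructions, which is the point under dispute in the thread.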