Re: [TLS] draft-ietf-tls-rfc8446bis - Security propterites - Protection of endpoint identities
Ben Smyth <research@bensmyth.com> Wed, 10 February 2021 14:01 UTC
Return-Path: <research@bensmyth.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28A853A107C for <tls@ietfa.amsl.com>; Wed, 10 Feb 2021 06:01:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bensmyth.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3pzF4cCQaRmg for <tls@ietfa.amsl.com>; Wed, 10 Feb 2021 06:01:06 -0800 (PST)
Received: from 4.smtp.34sp.com (4.smtp.34sp.com [IPv6:2a00:1ee0:2:5::2eb7:8d2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 944E33A1073 for <tls@ietf.org>; Wed, 10 Feb 2021 06:00:49 -0800 (PST)
Received: from smtpauth5.mailarray.34sp.com (lvs5.34sp.com [46.183.13.73]) by 4.smtp.34sp.com (Postfix) with ESMTPS id D359FBA0422 for <TLS@ietf.org>; Wed, 10 Feb 2021 14:00:40 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bensmyth.com; s=dkim; t=1612965640; bh=hfAzmMXJwgRsSdvjTkn6wwybOmuplcHYy1QBH0+QSd0=; h=References:In-Reply-To:Reply-To:From:Date:Subject:To:Cc; b=Zon7dbfcma5kvwwlgE6Wsh4/RW0GiuqeIAjZ0xsMHvDa/3vQN8Ac4z4zLWnncR1h2 TuvCXhRKFrbgOMYHVmwK6pD7b5AkNPnH/Oja1raYNnCyVp2Mht9GPsmkAIl6r9A1AZ OBKMttaGlv5gl1mJ9MYJyi5+tsEHGC39bILLFI/8=
Received: from mail-vs1-f49.google.com ([209.85.217.49]:34935) by smtpauth5.mailarray.34sp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <research@bensmyth.com>) id 1l9q2q-0002iL-LF for TLS@ietf.org; Wed, 10 Feb 2021 14:00:40 +0000
Received: by mail-vs1-f49.google.com with SMTP id u7so1111266vsp.12 for <TLS@ietf.org>; Wed, 10 Feb 2021 06:00:40 -0800 (PST)
X-Gm-Message-State: AOAM533i0h5biEjMDhJjJMbKF6JMSFtSpwQBl1TyGbtr1EWf5W/B8J1+ B8iXCFsrr4DOdqmPxuZYUiJ4EsYOn7aHs7UQIUI=
X-Google-Smtp-Source: ABdhPJxMMhrV18kvXiuFq0SB8RO6BuF/WX0vr54LssBHrei5RSL0OZrMg438maAyP4UK0R1+3tRnLGdeYXN1PhRA6cE=
X-Received: by 2002:a67:fd9a:: with SMTP id k26mr1900346vsq.37.1612965639407; Wed, 10 Feb 2021 06:00:39 -0800 (PST)
MIME-Version: 1.0
References: <2CBD606F-E391-47DD-AEBB-1673D57752D3@ericsson.com> <CA+_8xu06Aq=bGuP6iJ9g=wVoA-L2aW-3HLfMJctbKpLBw9Ou_w@mail.gmail.com>
In-Reply-To: <CA+_8xu06Aq=bGuP6iJ9g=wVoA-L2aW-3HLfMJctbKpLBw9Ou_w@mail.gmail.com>
Reply-To: research@bensmyth.com
From: Ben Smyth <research@bensmyth.com>
Date: Wed, 10 Feb 2021 15:00:13 +0100
X-Gmail-Original-Message-ID: <CA+_8xu19_ZpYheMh0RQipEFw0-z5ZxBwFCZRgerBX7gLGx9gaw@mail.gmail.com>
Message-ID: <CA+_8xu19_ZpYheMh0RQipEFw0-z5ZxBwFCZRgerBX7gLGx9gaw@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: "<tls@ietf.org>" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f8cc9505bafbd3f8"
X-Authenticated-As: f594447444afb5e8e542d6cd3ee989c5ad593da02deb40a8d61181d2a2c508bd
X-OriginalSMTPIP: 209.85.217.49
X-34spcom-MailScanner-Information: Please contact the ISP for more information
X-34spcom-MailScanner-ID: D359FBA0422.A608B
X-34spcom-MailScanner: Found to be clean
X-34spcom-MailScanner-SpamCheck: not spam, SpamAssassin (score=-11.1, required 6.5, autolearn=disabled, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_MESSAGE 0.00, SPF_PASS -0.00, X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED -10.00, X34SP_OVERRIDE -1.00)
X-34spcom-MailScanner-From: research@bensmyth.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/E36zW7MmAy4vO_0VMNYSmNSAwtI>
Subject: Re: [TLS] draft-ietf-tls-rfc8446bis - Security propterites - Protection of endpoint identities
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2021 14:01:10 -0000
On Wed, 10 Feb 2021 at 12:09, Ben Smyth <research@bensmyth.com> wrote: > On Wed, 10 Feb 2021, 10:19 John Mattsson, <john.mattsson= > 40ericsson.com@dmarc.ietf.org> wrote: > >> I think RFC8446bis needs to state that this property only holds for >> cipher suites with confidentiality. >> > > All cipher suites defined by RFC8446bis (Appendix B.4) provide > confidentiality. The property always holds. > Given that Appendix C.5 discusses unauthenticated cipher suites, perhaps Appendix B.4 could be extended as follows: Previous versions of TLS explicitly offered a null cipher (wherein encryption consists of the identity operation, i.e., the data is not encrypted). These modes have been deprecated in TLS 1.3. (At least, that's my understanding.)
- [TLS] draft-ietf-tls-rfc8446bis - Security propte… John Mattsson
- Re: [TLS] draft-ietf-tls-rfc8446bis - Security pr… Ben Smyth
- Re: [TLS] draft-ietf-tls-rfc8446bis - Security pr… Ben Smyth
- Re: [TLS] draft-ietf-tls-rfc8446bis - Security pr… Salz, Rich
- Re: [TLS] draft-ietf-tls-rfc8446bis - Security pr… Eric Rescorla
- Re: [TLS] draft-ietf-tls-rfc8446bis - Security pr… John Mattsson