IETF Logo Mail Archive

Re: [TLS] Authentication Only Ciphersuites RFC

Tony Putman <Tony.Putman@dyson.com> Wed, 27 February 2019 10:16 UTC

Return-Path: <prvs=9543b41e3=Tony.Putman@dyson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB394130EA1 for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 02:16:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Nfh-PiesmvL for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 02:16:50 -0800 (PST)
Received: from esa2.dyson.c3s2.iphmx.com (esa2.dyson.c3s2.iphmx.com [68.232.133.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 027E4130E27 for <tls@ietf.org>; Wed, 27 Feb 2019 02:16:49 -0800 (PST)
X-IronPort-SPF: SKIP
X-IronPort-AV: E=McAfee;i="5900,7806,9179"; a="46848613"
X-IronPort-AV: E=Sophos; i="5.58,419,1544486400"; d="scan'208,217"; a="46848613"
Received: from unknown (HELO uk-dlp-smtp-01.dyson.global.corp) ([62.189.202.16]) by esa2.dyson.c3s2.iphmx.com with ESMTP; 27 Feb 2019 10:17:47 +0000
Received: from uk-dlp-smtp-01.dyson.global.corp (uk-dlp-smtp-01.dyson.global.corp [127.0.0.1]) by uk-dlp-smtp-01.dyson.global.corp (Service) with ESMTP id B7083FA10; Wed, 27 Feb 2019 07:45:10 +0000 (GMT)
Received: from UK-MAL-CAS-01.dyson.global.corp (unknown [10.1.108.2]) by uk-dlp-smtp-01.dyson.global.corp (Service) with ESMTP id 9720AFA02; Wed, 27 Feb 2019 07:45:10 +0000 (GMT)
Received: from UK-MAL-OWA-02.dyson.global.corp (10.1.108.7) by UK-MAL-CAS-01.dyson.global.corp (10.1.108.2) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 27 Feb 2019 10:16:39 +0000
Received: from UK-MAL-MBOX-01.dyson.global.corp ([fe80::3975:cbc9:490b:523a]) by UK-MAL-OWA-02.dyson.global.corp ([fe80::64d5:21cc:e3cf:37f2%14]) with mapi id 14.03.0319.002; Wed, 27 Feb 2019 10:16:39 +0000
From: Tony Putman <Tony.Putman@dyson.com>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Authentication Only Ciphersuites RFC
Thread-Index: AdTOFIIaiE+qoBOKQdSotuuQ5A30qAAb/o5A
Date: Wed, 27 Feb 2019 10:16:39 +0000
Message-ID: <140080C241BAA1419B58F093108F9EDC5858AE40@UK-MAL-MBOX-01.dyson.global.corp>
References: <BN6PR2201MB1092B0FAD8AB0334CF151996997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
In-Reply-To: <BN6PR2201MB1092B0FAD8AB0334CF151996997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.108.27]
Content-Type: multipart/alternative; boundary="_000_140080C241BAA1419B58F093108F9EDC5858AE40UKMALMBOX01dyso_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EDuhso5kgJPfeoLLjyMH98cqJPE>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 10:16:53 -0000

I take no position on whether this is a good idea or not. Regarding the draft itself, I was expecting to see a clear definition of the integrity check computation in terms of an AEAD-Encrypt computation. Something along the lines of:
  AEAD-Encrypt-HMAC(write_key, nonce, additional_data, plaintext) =
    plaintext || HMAC(write_key, nonce || additional_data || plaintext)

In particular, AIUI, nonce must be included to prevent replay attacks. Also include N_MIN = N_MAX = 8 bytes.

-- Tony

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Jack Visoky
Sent: 26 February 2019 20:54
To: tls@ietf.org
Subject: [External Mail] [TLS] Authentication Only Ciphersuites RFC


TLS Colleagues,

If you recall we discussed a draft for authentication only ciphersuites over email back in August of 2018.  We've since made some updates to that draft.  We also have gotten IANA assignments to the authentication only ciphersuites for TLS 1.3 and have updated the draft to reflect the new assignments.

To that extent, as the IoT community is looking to adopt these ciphersuites, we would like to solicit review of the draft:



    https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02



and request that it be published as informational draft given that the IoT forums are looking to adopt its use and the draft can serve as the guide for use and interoperability.

Thanks and Best Regards,

--Jack (and Nancy)



Dyson Technology Limited, company number 01959090, Tetbury Hill, Malmesbury, SN16 0RP, UK.
This message is intended solely for the addressee and may contain confidential information. If you have received this message in error, please immediately and permanently delete it, and do not use, copy or disclose the information contained in this message or in any attachment.
Dyson may monitor email traffic data and content for security & training.

v2.23.0 | Report a Bug | By Email