Re: [TLS] "Notes" column in draft-ietf-tls-rfc8447bis?

John Mattsson <john.mattsson@ericsson.com> Fri, 08 December 2023 09:30 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Valery Smyslov <smyslov.ietf@gmail.com>, 'Sean Turner' <sean@sn3rd.com>, "'Salz, Rich'" <rsalz@akamai.com>
CC: 'TLS List' <tls@ietf.org>
Date: Fri, 08 Dec 2023 09:30:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EY562B3QAYyl8jH3lg3x5Jj6agM>

Hi,

Valery Smyslov wrote:
>No, they include only hash (GOSTR341112) and AEAD cipher (MAGMA_MGM or KUZNYECHIK_MGM).
>Their order in the names is unusual (hash first, cipher second).

Yes, my misunderstanding based on the weird naming order. So nothing weird technically.


Ilari Liusvaara wrote:
>Also,
>
>0x00,0xC6 TLS_SM4_GCM_SM3
>0x00,0xC7 TLS_SM4_CCM_SM3
>
>Both are explicitly flagged as not OK for DTLS. However, using GCM/CCM
>in usual way, so not difficult to define how those would work in DTLS
>or QUIC (just copy what AES-128 does there).

Yes, I agree that would be straightforward. But it has not been done yet.

Ilari Liusvaara wrote:
>If the _ECCPWD_ ones work for TLS 1.3, why wouldn't those work for DTLS
>1.3 or QUIC? Those ciphersuites use AES in standard way, and DTLS/QUIC
>do serialize the flights.

Yes, you are correct that they should work. DTLS 1.3 and QUIC defined header protection for all cipher suites that use AES.

Ilari Liusvaara wrote:
>Well, _ECCPWD_ is just special snowflake as it modifies the key
>exchange (I haven't checked if what it does actually works).

Feels to me like it would have been good if _ECCPWD_ TLS 1.3 cipher suites had never been registered. What should have been done is to register TLS_AES_256_CCM_SHA384 together with some new key exchange or extensions....

Below is an updated table of TLS 1.3 cipher suites based on Ilari’s comments. One day I hope most of this info will be easy to extract from the IANA registry.


| Value | Description | DTLS 1.3 | QUIC | Comment |
|---|---|---|---|---|
| 0x00,0xC6 | TLS_SM4_GCM_SM3 | N | N | Would be straightforward to specify use in DTLS 1.3 and QUIC |
| 0x00,0xC7 | TLS_SM4_CCM_SM3 | N | N | Would be straightforward to specify use in DTLS 1.3 and QUIC |
| 0x13,0x01 | TLS_AES_128_GCM_SHA256 | Y | Y | |
| 0x13,0x02 | TLS_AES_256_GCM_SHA384 | Y | Y | |
| 0x13,0x03 | TLS_CHACHA20_POLY1305_SHA256 | Y | Y | |
| 0x13,0x04 | TLS_AES_128_CCM_SHA256 | Y | Y | |
| 0x13,0x05 | TLS_AES_128_CCM_8_SHA256 | Y | N | QUIC RFC states MUST NOT use |
| 0x13,0x06 | TLS_AEGIS_256_SHA512 | Y | Y | |
| 0x13,0x07 | TLS_AEGIS_128L_SHA256 | Y | Y | |
| 0xC0,0xB0 | TLS_ECCPWD_WITH_AES_128_GCM_SHA256 | Y | Y | |
| 0xC0,0xB1 | TLS_ECCPWD_WITH_AES_256_GCM_SHA384 | Y | Y | |
| 0xC0,0xB2 | TLS_ECCPWD_WITH_AES_128_CCM_SHA256 | Y | Y | |
| 0xC0,0xB3 | TLS_ECCPWD_WITH_AES_256_CCM_SHA384 | Y | Y | |
| 0xC0,0xB4 | TLS_SHA256_SHA256 | N | N | Impossible to use in DTLS 1.3 and QUIC as NULL encryption is used. |
| 0xC0,0xB5 | TLS_SHA384_SHA384 | N | N | Impossible to use in DTLS 1.3 and QUIC as NULL encryption is used. |
| 0xC1,0x03 | TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L | N | N | Not straightforward to specify use in DTLS 1.3 and QUIC due to per-packet rekeying |
| 0xC1,0x04 | TLS_GOSTR341112_256_WITH_MAGMA_MGM_L | N | N | Not straightforward to specify use in DTLS 1.3 and QUIC due to per-packet rekeying |
| 0xC1,0x05 | TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S | N | N | Not straightforward to specify use in DTLS 1.3 and QUIC due to per-packet rekeying |
| 0xC1,0x06 | TLS_GOSTR341112_256_WITH_MAGMA_MGM_S | N | N | Not straightforward to specify use in DTLS 1.3 and QUIC due to per-packet rekeying |

Cheers,
John

From: Valery Smyslov <smyslov.ietf@gmail.com>
Date: Wednesday, 6 December 2023 at 19:04
To: John Mattsson <john.mattsson@ericsson.com>, 'Sean Turner' <sean@sn3rd.com>, 'Salz, Rich' <rsalz@akamai.com>
Cc: 'TLS List' <tls@ietf.org>
Subject: RE: [TLS] "Notes" column in draft-ietf-tls-rfc8447bis?
Hi John,

just a clarification:


The _GOSTR341112_ seems to include authentication and key exchange…. I did not think this was how TLS 1.3 cipher suites were supposed to be used.

            No, they include only hash (GOSTR341112) and AEAD cipher (MAGMA_MGM or KUZNYECHIK_MGM).
            Their order in the names is unusual (hash first, cipher second).

            Regards,
            Valery.

Cheers,
John Preuß Mattsson

From: Sean Turner <sean@sn3rd.com>
Date: Wednesday, 6 December 2023 at 14:55
To: Salz, Rich <rsalz@akamai.com>, John Mattsson <john.mattsson@ericsson.com>
Cc: TLS List <tls@ietf.org>
Subject: Re: [TLS] "Notes" column in draft-ietf-tls-rfc8447bis?

> On Dec 6, 2023, at 08:02, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
>
> Yes, I think information regarding if a cipher suite is for TLS 1.3 is very needed to have.  I already asked for that in
> https://mailarchive.ietf.org/arch/msg/tls/0gDKfXJvAemFDm7MWcS1DTDVIe8/
>
> In addition, I would also like to information if the cipher suite can be used in QUIC.
>
> The 8447bis draft added a notes column to every TLS registry. The “1.2 is frozen” draft says to use it to indicate things like “for TLS 1.3 and later”. It’s a free-form text field, so we can direct IANA to put anything we want. :)

Yep we added it via:
https://github.com/tlswg/rfc8447bis/pull/48

spt