Re: [TLS] EXTERNAL: Re: integrity only ciphersuites
Jack Visoky <jmvisoky@ra.rockwell.com> Tue, 21 August 2018 17:58 UTC
From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: "Salz, Rich" <rsalz@akamai.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Fries, Steffen" <steffen.fries@siemens.com>
CC: "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ph3JbFNec2XcWYmVwt4wz7pNYR4>

Hi Rich,

M2M might be common TLS, but with something else at the application layer. I’ll give this example, but admittedly the terminology is confusing: there is another protocol that is called EtherNet/IP (here IP stands for Industrial Protocol, hence the concern about confusion). In this case this protocol is built upon TCP and UDP, but then above that there is a different protocol meant for machine to machine communication that will enable a number of industrial applications. What we did in ODVA was to add TLS (and DTLS in some cases) to protect this communication. This communication is often high speed and latency is a major concern. So it is standard TLS, but rather than HTTP on top of the TLS, it is an Industrial Protocol.

Even if the device is “capable” of encryption, encrypting the data adds overhead and is unnecessary in some applications. So capable might mean it can do encryption, but not at the speeds necessary for machine to machine I/O.

Thanks and Best Regards,

--Jack

From: Salz, Rich [mailto:rsalz@akamai.com]
Sent: Tuesday, August 21, 2018 1:46 PM
To: Jack Visoky <jmvisoky@ra.rockwell.com>; Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; Fries, Steffen <steffen.fries@siemens.com>
Cc: ncamwing=40cisco.com@dmarc.ietf.org; tls@ietf.org
Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

> I’m not sure if I’m following the question, but what was meant was that these ciphers are generally NOT used for browser access. Machine to machine communication usually does not involve a browser. Apologies if I’ve misunderstood the question.

You understood me. So the devices (or rather at least some of them since they are splendiferous in their variances) do speak common TLS. But not for M2M. That part confuses me, since “too small to encrypt” was a reason given.