Re: [TLS] integrity only ciphersuites

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 21 August 2018 04:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/H4YFZt6oYMFoU77M6udnmjn4ZNI>

> On Aug 20, 2018, at 4:57 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> With that said, I don't think this document makes a very strong case for these cipher suites. Essentially you say:
> 
> 1. We don't need confidentiality
> 2. Code footprint is important

There is also a use-case for communication between processes on the same
machine, e.g. over unix-domain sockets and the like.  Encryption in this
context is pointless.  TLS can be used with client certificates as a means
of client authentication.

Postfix supports eNULL ciphers for unix-domain socket LMTP communication.
This works with TLS <= 1.2, but would require enabling unnecessary encryption
with TLS 1.3.

  http://www.postfix.org/TLS_README.html#client_tls_levels

  NOTE: Opportunistic encryption of LMTP traffic over UNIX-domain sockets
  or loopback TCP connections is futile. TLS is only useful in this context
  when it is mandatory, typically to allow at least one of the server or the
  client to authenticate the other. The "null" cipher grade may be appropriate
  in this context, when available on both client and server. The "null" ciphers
  provide authentication without encryption.

-- 
	Viktor.
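
A Postfix LMTP client configuration for the use case described in this message, added here as an illustration; it is not from the original email or from the Postfix documentation. The socket path, certificate paths and fingerprint are placeholders, and the `!TLSv1.3` exclusion assumes Postfix 3.4 or later.

```conf
# /etc/postfix/main.cf  (LMTP client side; added example)

# Deliver to a local LMTP server over a UNIX-domain socket.
# The socket path is a placeholder.
mailbox_transport = lmtp:unix:/path/to/lmtp.sock

# Weak setting: opportunistic TLS. Per the TLS_README note quoted above
# this is futile on a local socket, because neither side is
# authenticated and delivery can proceed without TLS at all.
#lmtp_tls_security_level = may

# Mandatory TLS used for authentication: pin the LMTP server's
# certificate by fingerprint.
lmtp_tls_security_level = fingerprint
lmtp_tls_fingerprint_digest = sha256
# Placeholder; replace with the server certificate's SHA-256 fingerprint.
lmtp_tls_fingerprint_cert_match = <SERVER-CERT-SHA256-FINGERPRINT>

# Client certificate, so that the LMTP server can authenticate Postfix.
# Paths are placeholders.
lmtp_tls_cert_file = /path/to/client-cert.pem
lmtp_tls_key_file = /path/to/client-key.pem

# "null" cipher grade: authentication without encryption.
# The LMTP server must enable eNULL ciphers as well.
lmtp_tls_mandatory_ciphers = null

# As the message notes, the null grade works with TLS <= 1.2 only,
# so TLS 1.3 is kept out of the negotiation.
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.3
```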