IETF Logo Mail Archive

Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 21 August 2018 18:46 UTC

Return-Path: <prvs=177148db12=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 556E1130F6F for <tls@ietfa.amsl.com>; Tue, 21 Aug 2018 11:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qebH7PHD382G for <tls@ietfa.amsl.com>; Tue, 21 Aug 2018 11:46:22 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id EAAB212426A for <tls@ietf.org>; Tue, 21 Aug 2018 11:46:21 -0700 (PDT)
Received: from LLE2K16-MBX03.mitll.ad.local (LLE2K16-MBX03.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id w7LIkKI8033145; Tue, 21 Aug 2018 14:46:20 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Eric Rescorla <ekr@rtfm.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] EXTERNAL: Re: integrity only ciphersuites
Thread-Index: AQHUOXStTZMFprYiOUu3YrlZoYzKf6TKxPwAgAAB9oCAAAdpAA==
Date: Tue, 21 Aug 2018 18:45:19 +0000
Message-ID: <A361D467-9A10-43CB-9B9D-3751F093BFA5@ll.mit.edu>
References: <E29465D4-E4C5-466F-9E3F-240E258DC7C2@cisco.com> <64d23891-2f32-9bb8-1ec8-f4fad13cdfb9@cs.tcd.ie> <982363FD-A839-4175-BA53-7CA242F9ADA6@ll.mit.edu> <2D7F2926-6376-4B2C-BDE9-7A6F1C0FA748@gmail.com> <5B7C1571020000AC0015C330@gwia2.rz.hs-offenburg.de> <E6C9F0E527F94F4692731382340B337804AEFA24@DENBGAT9EH2MSX.ww902.siemens.net> <A51CF46A-8C5F-4013-A4CE-EB90A9EE94CA@akamai.com> <E6C9F0E527F94F4692731382340B337804AEFB10@DENBGAT9EH2MSX.ww902.siemens.net> <D5FF0E0E-F9C3-4843-AB77-19F45E3C00D5@akamai.com> <8A2746A8-6B41-45C3-9D77-6AF3536C6E2D@siemens.com> <DM5PR2201MB1433B9D7F9AA3B7B688CD33C99310@DM5PR2201MB1433.namprd22.prod.outlook.com> <CAPt1N1mm9FzGknCUTOVZH_S=AsjutXS8qM7Ksa8xWwsSKKAgAg@mail.gmail.com> <EC6705A4-A6CB-45B4-B006-FC0AE42FA6DD@dukhovni.org> <CABcZeBO8tBN4a4SZirxbwNdRyep705dNgGZiuKydg=xu1JT_uQ@mail.gmail.com>
In-Reply-To: <CABcZeBO8tBN4a4SZirxbwNdRyep705dNgGZiuKydg=xu1JT_uQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
Content-Type: multipart/signed; boundary="Apple-Mail-304785C3-72F7-4F0F-96DD-6416E67773D9"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-08-21_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808210192
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JZBLax-JEtpSV63kcbUygZgflKI>
Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2018 18:46:33 -0000

No they should not be recommended (as a typical TLS use case includes confidentiality requirement).

Yes this WG should review them and make a security statement, e.g., like "we reviewed these suites and found that they do provide authentication and integrity protection. No other protection such as confidentiality is provided" (as should be obvious from their names).

I suspect the authors are looking for code point assignment and general approval here, but they can speak for themselves. ;-)

Regards,
Uri

Sent from my iPhone

> On Aug 21, 2018, at 14:20, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
>> On Tue, Aug 21, 2018 at 11:11 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> 
>> 
>> > On Aug 21, 2018, at 1:29 PM, Ted Lemon <mellon@fugue.com> wrote:
>> > 
>> >   You're going to have to change what you do anyway—rather than arguing with us why not bypass us entirely?
>> 
>> TLS is not just a WWW protocol.  Other transport security use-cases
>> should not have to justify their existence.
>> 
>> It is, of course, appropriate to make sure that proposed TLS code-points
>> that cater to specialized needs are well thought out and include
>> suitable security considerations.
>> 
>> It is also reasonable to check that the requirements are not already
>> met without the proposed code-points.
>> 
>> I am concerned that we are going beyond that to questioning the
>> legitimacy of the use-cases.  IPsec is rarely a practical alternative
>> to TLS.
>> 
>> That said, TLS-LTS (a TLS 1.2 profile) may well be a good long-term
>> choice where TLS 1.3 is not sufficiently compatible.
>> 
>> As for TLS 1.3, it is indeed missing both null encryption and null
>> authentication ciphers. 
> 
> If by "null authentication" you mean "without certificates", then TLS 1.3 does
> support these via RFC 7250. See:
> 
> https://tools.ietf.org/rfcmarkup?doc=8446#appendix-C.5
> 
> 
>> This is not to say that null encryption ciphers for TLS 1.3 are
>> unconditionally good, their specification would need to provide
>> sound security considerations and be fit for purpose.  But I do
>> think that we should not reject the proposal out of hand.
> 
> This isn't a matter of rejecting or accepting them. As I said at the beginning of
> this thread. No TLS WG approval is required to get a code point.
> 
> The relevant questions are:
> 
> 1. Should they be marked "Recommended" in the registry?
> 2. Should the TLS WG spend time reviewing these documents?
> 
> Can the authors of this draft please say what they are looking for here?
> 
> -Ekr
> 
> 
>> 
>> -- 
>> -- 
>>         Viktor.
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email