[TLS] Should CCM_8 CSs be Recommended?

Sean Turner <sean@sn3rd.com> Tue, 03 October 2017 22:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/M7pu22B6b06Epb_ylAH9WEQVxo4>

In the IANA registries draft (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added a recommended column to the Cipher Suites (CSs) registry (and some others).  Right now, the criteria for getting a recommended mark is AEAD ciphers with strong authentication standards track ciphers.  While that’s great generally, in the list we’ve got five CSs that gave Joe and me pause:

TLS_DHE_RSA_WITH_AES_128_CCM_8
TLS_DHE_RSA_WITH_AES_256_CCM_8
TLS_PSK_DHE_WITH_AES_128_CCM_8
TLS_PSK_DHE_WITH_AES_256_CCM_8
TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256

The CCM_8 CSs have a significantly truncated authentication tag that represents a security trade-off that may not be appropriate for general environments.  In other words, this might be great for some IoT device but we should not generally be recommending these.

We’re recommending that these five suites be dropped from the recommended list.  Please let us know what you think.

J&S
(editor hats on)
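
An added example, not part of the original message: a small audit that flags cipher suites with a truncated AEAD tag, such as the five CCM_8 suites listed above, in either IANA or OpenSSL naming. The function names and the 128-bit minimum tag threshold are assumptions made for this illustration.

```python
import re
import ssl

# AEAD tag length in bits, keyed by the token found in the suite name.
# CCM_8 is the 8-octet (64-bit) tag variant of AES-CCM; AES-CCM, AES-GCM and
# ChaCha20-Poly1305 carry a 16-octet (128-bit) tag in TLS.
AEAD_TAG_BITS = [
    (re.compile(r"CCM[_-]?8"), 64),   # must be tested before plain CCM
    (re.compile(r"CCM"), 128),
    (re.compile(r"GCM"), 128),
    (re.compile(r"CHACHA20[_-]POLY1305"), 128),
]

# The five suites named in the message.
PAGE_SUITES = [
    "TLS_DHE_RSA_WITH_AES_128_CCM_8",
    "TLS_DHE_RSA_WITH_AES_256_CCM_8",
    "TLS_PSK_DHE_WITH_AES_128_CCM_8",
    "TLS_PSK_DHE_WITH_AES_256_CCM_8",
    "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
]

def tag_bits(suite):
    """Tag length in bits for an IANA or OpenSSL suite name; None if not AEAD."""
    name = suite.upper()
    for pattern, bits in AEAD_TAG_BITS:
        if pattern.search(name):
            return bits
    return None

def audit(suites, min_tag_bits=128):
    """Map each suite that fails the policy to the reason it was flagged."""
    findings = {}
    for suite in suites:
        bits = tag_bits(suite)
        if bits is None:
            findings[suite] = "not AEAD"
        elif bits < min_tag_bits:
            findings[suite] = f"truncated {bits}-bit tag"
    return findings

def local_default_suites():
    """Cipher names enabled in Python's default client context on this host."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]

if __name__ == "__main__":
    for name, why in audit(PAGE_SUITES + local_default_suites()).items():
        print(f"{name}: {why}")
```

Run as a script, it also checks the suites the local OpenSSL build enables by default, which use OpenSSL names such as DHE-RSA-AES128-CCM8.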