Re: [TLS] EXTERNAL: Re: integrity only ciphersuites
Jack Visoky <jmvisoky@ra.rockwell.com> Mon, 20 August 2018 21:36 UTC
Return-Path: <jmvisoky@ra.rockwell.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BD65130DC7 for <tls@ietfa.amsl.com>; Mon, 20 Aug 2018 14:36:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bjv3hrQLa2rC for <tls@ietfa.amsl.com>; Mon, 20 Aug 2018 14:36:05 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0080.outbound.protection.outlook.com [104.47.32.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0463F129619 for <tls@ietf.org>; Mon, 20 Aug 2018 14:36:05 -0700 (PDT)
Received: from DM5PR2201MB1433.namprd22.prod.outlook.com (10.174.186.154) by DM5PR2201MB1417.namprd22.prod.outlook.com (10.174.177.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1059.19; Mon, 20 Aug 2018 21:36:03 +0000
Received: from DM5PR2201MB1433.namprd22.prod.outlook.com ([fe80::49f1:7875:b984:9a65]) by DM5PR2201MB1433.namprd22.prod.outlook.com ([fe80::49f1:7875:b984:9a65%2]) with mapi id 15.20.1059.023; Mon, 20 Aug 2018 21:36:03 +0000
From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Eric Rescorla <ekr@rtfm.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: EXTERNAL: Re: [TLS] integrity only ciphersuites
Thread-Index: AQHUOMilgC0HRr8W2EOuV8r28re96KTJKAvw
Date: Mon, 20 Aug 2018 21:36:03 +0000
Message-ID: <DM5PR2201MB1433AABB629D610944E470D899320@DM5PR2201MB1433.namprd22.prod.outlook.com>
References: <E29465D4-E4C5-466F-9E3F-240E258DC7C2@cisco.com> <CABcZeBNpgnfBerkutLB0jKA4vF_FrpXNHnEeKQhAOFm-y=xJsA@mail.gmail.com>
In-Reply-To: <CABcZeBNpgnfBerkutLB0jKA4vF_FrpXNHnEeKQhAOFm-y=xJsA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jmvisoky@ra.rockwell.com;
x-originating-ip: [205.175.250.241]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2201MB1417; 6:PGTW1GLcGobnBOhWZ+QQXNdVMnyYx+Ebzwit+ArFPJ97K3j3AU1w85IFhkVQ1ZXpI4UxWe2waBhSOlEAB8U+trN+92bPJ7r7V3y/aEf1PzndSvv9UuSC4CFMadSN7h/IcJ27oDF9qzeKzz7a8pxojft7voIwEfKPRCtkOQgn3N6Lr3xQL3nIfUg5a6ZzDF9hcxW4/pzO+GpGsqZvRgYdWSBh7NKTOwgJbGlPjKD3zWf7Ln9/eWkSCj6kaRP54QVyzXll+ayDuYpIcbHCfBJfBgRX0BKZfJ3jG4597rp5FFxz2kHFmv8jE2QnxJZEyjOfRcHU39XqDyCOhTzJl/7NvcK741jLVWvoSlQG8FlRM5LWEOOAnflC5KfrrvHUPllha1PSj0V7Q1QWB6XWNEAQJ/eCRXiobhZnIN3LpxcVXSdfpLOb4a7DzGu6UGJL50cJgJg5Zr9B9/G5mT8nJsEDQQ==; 5:cgRj8T0NAOMsG6nfZ4ZBUVPHS09JV7AgizqqEfRYfc05bkLPptKlIYbVTpBHOpysD5yftienqTncdydKBNMZtAZZzBzLgmLNbf7bsJ4hJ1A8BMVbujdrApfPAZpAv4tRdrhIawh+SgXHfQc2bCl6+GQxRtkYv0ev69Vko77EgO8=; 7:yPn7UF1henCBtupS5NhkkZPyAfY9y+eE9uSJUJ6KnyfaTUam3eiQW9U9Jf9ZmcjfUmZINHgEbpj+ZfRt/1Jdjg1FRJfBOLyzTI6Tl3Avp+kXUov5bgsKXAlttrvchKSjd877REJo2uC6jZ4WzrxsR6LP9lHD0Py/XwUo6YoynkdvYT0pE5ElmLfOpuuy7DJg2Qge3xR/AahWN6wTZtTT81VBdsqEKHupjK6lzlsmc30IjwabIuDe8fMDCMB1DtZk
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 0451921c-9d02-4c13-0bfa-08d606e4edec
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DM5PR2201MB1417;
x-ms-traffictypediagnostic: DM5PR2201MB1417:
x-microsoft-antispam-prvs: <DM5PR2201MB1417D1480EA6D57FD228515E99320@DM5PR2201MB1417.namprd22.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(166708455590820)(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231311)(944501410)(52105095)(3002001)(6055026)(149027)(150027)(6041310)(20161123564045)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(201708071742011)(7699016); SRVR:DM5PR2201MB1417; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2201MB1417;
x-forefront-prvs: 0770F75EA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(136003)(396003)(39860400002)(366004)(199004)(189003)(106356001)(4326008)(2906002)(53546011)(316002)(186003)(86362001)(446003)(102836004)(14444005)(5024004)(8676002)(256004)(6506007)(110136005)(476003)(66066001)(14454004)(97736004)(105586002)(966005)(6436002)(81156014)(478600001)(81166006)(53936002)(11346002)(229853002)(76176011)(7696005)(3846002)(33656002)(486006)(2900100001)(99286004)(6116002)(5660300001)(5250100002)(68736007)(9686003)(26005)(25786009)(305945005)(7736002)(6306002)(8936002)(55016002)(74316002)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR2201MB1417; H:DM5PR2201MB1433.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ra.rockwell.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: /1SwkEuFBfISuMo8CP8TDijb7tWPcTgsh9LsmeOqKhDaa0Z+Br3PbSrw5v3LjTH7gNFKNMrr6es8JrhdQ3Q2rIL3AnaQzfKjICOltBVW87gBcRzzelImgS4pntNR7UVzrJLXfUVdlXLTYufEAgSaUQ/Rswb+38emqnTEToltxRSmvhdCcSBCq3y95tkV2UXwVerLmJARTWxqZz3Df79o98RDRAUM8gtVPqdvN1EzKjHtcLN2Dm6A59sViurt+UtCDxEYnnekfSPBFQWAJ8u+YMhzWBwgUQqN1cLU/WvpRjrfP6g1zLHT+IdtlMFYs9w1CR5R0WdY6sG2g1I5uQardvVs3XfTcxuc0wTaL2DFDXk=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ra.rockwell.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0451921c-9d02-4c13-0bfa-08d606e4edec
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Aug 2018 21:36:03.2072 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 855b093e-7340-45c7-9f0c-96150415893e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2201MB1417
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DqjDD6iNycHMMZeGlSYGocQJcp8>
Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2018 21:37:38 -0000
Hi Eric, Thanks for your feedback. Just a few points to add: 1. There really are some applications where confidentiality isn’t important, for example some motion control that might involve very simple move instructions (e.g. go to X, go to Y, go to Z, repeat). Certainly there are also applications that would benefit from confidentiality, but there’s a non-trivial amount that really gain little to nothing. 2. In some cases the code size is quite important. It’s not uncommon for hardware to be in the field in Industrial Automation for 15 or more years, so in some cases the hardware is already stretched pretty thin and might not be able to handle the demands of encryption. At the same time it is hugely beneficial to take advantage of the security of TLS for many of these installations. 3. Another use case for these NULL encryption suites is around inspection of data. I think this has been discussed in this forum already, but these cipher suites could support that as well. Thanks and Best Regards, Jack Visoky Security Architect and Sr. Project Engineer Common Architecture and Technology Group Rockwell Automation | 1 Allen-Bradley Drive | Mayfield Heights, OH 44124 From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla Sent: Monday, August 20, 2018 4:58 PM To: Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org> Cc: tls@ietf.org Subject: EXTERNAL: Re: [TLS] integrity only ciphersuites [Use caution with links & attachments] On Mon, Aug 20, 2018 at 1:48 PM, Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org> wrote: All, A couple IoT consortiums are trying to embrace the improvements made to TLS 1.3 and as they define their new security constructs would like to adopt the latest protocols, in this case TLS 1.3. To that extent, they have a strong need for mutual authentication, but integrity only (no confidentiality) requirements. In following the new IANA rules, we have posted the draft https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-00 to document request for registrations of HMAC based cipher selections with TLS 1.3…..and are soliciting feedback from the WG on the draft and its path forward. Nancy, As you say, you don't need WG approval for code point registration as long as you don't want Recommended status. With that said, I don't think this document makes a very strong case for these cipher suites. Essentially you say: 1. We don't need confidentiality 2. Code footprint is important Generally, I'm not very enthusiastic about argument (1). It's often the case that applications superficially need integrity but actually rely on confidentiality in some way (the obvious case is that HTTP Cookies are an authentication mechanism, but because they are a bearer token, you actually need confidentiatilty). It's much easier to just always supply confidentiality than to try to reason about when it is or is not needed. The second argument is that you are trying to keep code size down. It's true that not having AES is cheaper than having AES, but it's possible to have very lightweight AES stacks (see for instance: https://github.com/01org/tinycrypt). So, overall, this doesn't seem very compelling.. -Ekr Warm regards, Nancy (and Jack) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Mike Bishop
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Judson Wilson
- Re: [TLS] integrity only ciphersuites Geoffrey Keating
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Lyndon Nerenberg
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] integrity only ciphersuites Kathleen Moriarty
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] integrity only ciphersuites Andreas Walz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Richard Barnes
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Ted Lemon
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Stephen Farrell
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? Viktor Dukhovni
- Re: [TLS] null auth ciphers for TLS 1.3? Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? David Benjamin
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Martin Thomson
- Re: [TLS] null auth ciphers for TLS 1.3? Peter Gutmann
- Re: [TLS] integrity only ciphersuites Peter Gutmann
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni
- Re: [TLS] raw public keys in the wild? Peter Gutmann
- Re: [TLS] null auth ciphers for TLS 1.3? Wang Haiguang
- Re: [TLS] null auth ciphers for TLS 1.3? Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] raw public keys in the wild? Richard Barnes
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni