Re: [TLS] Should CCM_8 CSs be Recommended?

Benjamin Kaduk <bkaduk@akamai.com> Wed, 18 October 2017 19:23 UTC

To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PamIOmxjVHbFAwf2cd4FAIfj78Q>

I agree with "everyone"; it seems like these fall into what "not
recommended" is intended to encompass.  I don't have a preference for
whether there's an extra annotation about IoT usage.

-Ben

On 10/09/2017 06:05 PM, Sean Turner wrote:
> Anybody else have thoughts on this?
>
> spt
>
>> On Oct 3, 2017, at 18:53, Sean Turner <sean@sn3rd.com> wrote:
>>
>> In the IANA registries draft (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added a recommended column to the Cipher Suites (CSs) registry (and some others).  Right now, the criteria for getting a recommended mark is AEAD ciphers with strong authentication standards track ciphers.  While that’s great generally, in the list we’ve got five CSs that gave Joe and me pause:
>>
>> TLS_DHE_RSA_WITH_AES_128_CCM_8
>> TLS_DHE_RSA_WITH_AES_256_CCM_8
>> TLS_PSK_DHE_WITH_AES_128_CCM_8
>> TLS_PSK_DHE_WITH_AES_256_CCM_8
>> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
>>
>> The CCM_8 CSs have a significantly truncated authentication tag that represents a security trade-off that may not be appropriate for a general environment.  In other words, this might be great for some IoT device but we should not generally be recommending these.
>>
>> We’re recommending that these five suites be dropped from the recommended list.  Please let us know what you think.
>>
>> J&S
>> (editor hats on)
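
An added example, not part of the thread or of the registry draft: a small audit that flags cipher suites whose AEAD tag is truncated, which is the property that sets the five CCM_8 suites apart. The `CONFIGURED` list is constructed (the five suites from the message plus three comparison suites), and the function names are hypothetical.

```python
import re

# AEAD modes as they appear in TLS cipher suite names, with tag length in bytes.
# CCM_8 is AES-CCM with the tag cut to 8 bytes; CCM, GCM and ChaCha20-Poly1305
# suites carry a 16-byte tag. CCM_8 is listed first so it wins over plain CCM.
_AEAD_MODES = [
    (re.compile(r"_CCM_8(_|$)"), "CCM_8", 8),
    (re.compile(r"_CCM(_|$)"), "CCM", 16),
    (re.compile(r"_GCM(_|$)"), "GCM", 16),
    (re.compile(r"_CHACHA20_POLY1305(_|$)"), "CHACHA20_POLY1305", 16),
]

def classify(suite):
    """Return (aead_mode, tag_bits) for a suite name, or (None, None) if not AEAD."""
    for pattern, mode, tag_bytes in _AEAD_MODES:
        if pattern.search(suite):
            return mode, tag_bytes * 8
    return None, None

def truncated_tag_suites(suites, full_tag_bits=128):
    """Names of AEAD suites whose tag is shorter than the full 128 bits."""
    flagged = []
    for suite in suites:
        mode, tag_bits = classify(suite)
        if mode is not None and tag_bits < full_tag_bits:
            flagged.append(suite)
    return flagged

def blind_forgery_bound(tag_bits, attempts):
    """Union bound on the chance that any of `attempts` random tag guesses verifies."""
    return min(1.0, attempts * 2.0 ** -tag_bits)

# Constructed sample: the five suites named in the message, plus comparison suites.
CONFIGURED = [
    "TLS_DHE_RSA_WITH_AES_128_CCM_8",
    "TLS_DHE_RSA_WITH_AES_256_CCM_8",
    "TLS_PSK_DHE_WITH_AES_128_CCM_8",
    "TLS_PSK_DHE_WITH_AES_256_CCM_8",
    "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CCM",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for name in truncated_tag_suites(CONFIGURED):
        _, bits = classify(name)
        print(f"{name}: {bits}-bit tag, "
              f"bound after 2^32 guesses = {blind_forgery_bound(bits, 2**32):.3e}")
```

The bound covers only blind guessing of the tag; it is there to make the 64-bit versus 128-bit gap concrete, not to model every attack on CCM.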