Re: [TLS] Should CCM_8 CSs be Recommended?

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 13 October 2017 09:49 UTC

To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Fri, 13 Oct 2017 11:49:04 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T_5W4L8qiCK8C1YVufLQvf_C_GA>
Subject: Re: [TLS] Should CCM_8 CSs be Recommended?

CCM_8 is used in the IoT space because some SDOs believed that they need
to optimize the transmission overhead. Clearly, this is not meant for
general purpose use but rather for IoT only.

Is it a good idea to truncate the authentication tag? I don't have an
opinion about that but that's what the specifications make you use and
that's also what is now in hardware.

On 10/10/2017 01:05 AM, Sean Turner wrote:
> Anybody else have thoughts on this?
> 
> spt
> 
>> On Oct 3, 2017, at 18:53, Sean Turner <sean@sn3rd.com> wrote:
>>
>> In the IANA registries draft (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added a recommended column to the Cipher Suites (CSs) registry (and some others). Right now, the criteria for getting a recommended mark is AEAD ciphers with strong authentication standards track ciphers. While that’s great generally, in the list we’ve got five CSs that gave Joe and me pause:
>>
>> TLS_DHE_RSA_WITH_AES_128_CCM_8
>> TLS_DHE_RSA_WITH_AES_256_CCM_8
>> TLS_PSK_DHE_WITH_AES_128_CCM_8
>> TLS_PSK_DHE_WITH_AES_256_CCM_8
>> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
>>
>> The CCM_8 CSs have a significantly truncated authentication tag that represents a security trade-off that may not be appropriate for a general environment. In other words, this might be great for some IoT device but we should not generally be recommending these.
>>
>> We’re recommending that these five suites be dropped from the recommended list.  Please let us know what you think.
>>
>> J&S
>> (editor hats on)
> 
>
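
Added example, not part of the original message or of the drafts it discusses: a small audit helper that puts numbers on the trade-off in this thread, the bytes saved per TLS 1.2 record by the 8-byte tag against the weaker forgery bound, and flags the truncated-tag suites in a configured list. The function names and the CONFIGURED list are constructed for illustration, and the forgery figure is the simple guessing bound (attempts / 2^tag_bits), not the full CCM security bound.

```python
import re
from fractions import Fraction

RECORD_HEADER = 5    # TLS record header: type (1) + version (2) + length (2)
EXPLICIT_NONCE = 8   # explicit nonce sent in each TLS 1.2 AES-CCM/GCM record
TAG_BYTES = {"CCM_8": 8, "CCM": 16, "GCM": 16}

# TLS 1.2 style names only: TLS_<key exchange>_WITH_AES_<bits>_<mode>[_SHAnnn]
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>.+)_WITH_AES_(?P<bits>128|256)_(?P<mode>CCM_8|CCM|GCM)"
    r"(?:_SHA(?:256|384))?$"
)

def tag_bytes(suite):
    """Authentication tag length in bytes, or None if the name is not recognised."""
    m = SUITE_RE.match(suite)
    return TAG_BYTES[m.group("mode")] if m else None

def record_overhead(suite):
    """Bytes added to every record: header + explicit nonce + tag."""
    tag = tag_bytes(suite)
    return None if tag is None else RECORD_HEADER + EXPLICIT_NONCE + tag

def forgery_bound(suite, attempts):
    """Upper bound on the chance that any of `attempts` guessed tags verifies."""
    tag = tag_bytes(suite)
    if tag is None:
        raise ValueError("unrecognised suite: " + suite)
    return min(Fraction(1), Fraction(attempts, 2 ** (8 * tag)))

def not_recommended(suites):
    """Suites with a tag shorter than 16 bytes (the CCM_8 family)."""
    return [s for s in suites if tag_bytes(s) is not None and tag_bytes(s) < 16]

# Constructed sample: the five suites named in the thread plus two full-tag suites.
CONFIGURED = [
    "TLS_DHE_RSA_WITH_AES_128_CCM_8",
    "TLS_DHE_RSA_WITH_AES_256_CCM_8",
    "TLS_PSK_DHE_WITH_AES_128_CCM_8",
    "TLS_PSK_DHE_WITH_AES_256_CCM_8",
    "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CCM",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for s in CONFIGURED:
        flag = "truncated tag" if s in not_recommended(CONFIGURED) else "full tag"
        print(f"{s}: {record_overhead(s)} bytes/record, "
              f"forgery bound after 2^32 tries {float(forgery_bound(s, 2**32)):.3g}, {flag}")
```
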