Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 22 August 2018 02:52 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Jack Visoky <jmvisoky@ra.rockwell.com>, "Salz, Rich" <rsalz@akamai.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Fries, Steffen" <steffen.fries@siemens.com>
CC: "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 22 Aug 2018 02:51:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VcTK7V1X5GYE49laI2CoZusiICE>

Jack Visoky <jmvisoky@ra.rockwell.com> writes:

>What we did in ODVA was to add TLS (and DTLS in some cases) to protect this
>communication.

What about using LoRa security?  That's actually a really nice design for a
lot of SCADA environments (particularly for something that came from a
behind-closed-doors background), and not tied to LoRaWAN in any way.  In particular
they took a complete-infrastructure view, not just "we'll specify the crypto,
the rest is someone else's problem", e.g. the concept of device <-> gateway
and device <-> application security, OTA enrolment, etc.  If you're doing M2M
then you don't need TLS, just use LoRa.

Peter.