Re: [TLS] (offline note) Re: Confirming Consensus on supporting only AEAD ciphers

Michael StJohns <msj@nthpermutation.com> Tue, 06 May 2014 16:35 UTC


On 5/6/2014 12:20 PM, Martin Rex wrote:
> I can not correlate your most recent response to the prior question:
>
>> Michael StJohns wrote:
>>> Sorry - I'm coming late here.  Does this also imply the complete
>>> elimination of the integrity only cipher suites?
> I understand this to refer to these cipher suites:
>      CipherSuite TLS_RSA_WITH_NULL_MD5                  = { 0x00,0x01 };
>      CipherSuite TLS_RSA_WITH_NULL_SHA                  = { 0x00,0x02 };
>
> which provide authentication PLUS integrity, but no confidentiality.

That and about 2 dozen others that are WITH_NULL.


>
> Rene Struik wrote:
>> In general, an AEAD mode takes as input two strings a and m and a key k,
>> and authenticates a and m, while encrypting m. If m is the empty string,
>> this results in an authentication-only mode.
>>
>> Thus, AEAD modes can be used to provide suitable combinations of
>> authentication and/or encryption. Examples hereof include the GCM mode
>> and CCM mode.
> Now this seems to refer to an idea to provide only (initial) authentication,
> but no integrity protection of the actual application data (m).

Nope.  AEAD ciphers provide integrity protection across the entire 
message, plaintext and associated data.  So if the message consists only 
of associated data, that associated data is still protected.

(m) and (a) together are the application data, not solely (m).  (m) is 
just the data to be encrypted.

Mike

>
> -Martin
>
>
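
The behaviour discussed in this message, shown with AES-128-GCM from the Go standard library. This is an added example, not part of the original e-mail; the names `Seal`, `Open`, `demoKey` and `demoNonce` and the sample strings are constructed for illustration. With an empty (m) the output is only the tag over (a), and any change to (a) makes verification fail.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values. A real protocol derives the key from the handshake
// and never reuses a nonce under the same key.
var (
	demoKey   = []byte("0123456789abcdef") // 16 bytes -> AES-128
	demoNonce = []byte("nonce-000001")     // 12 bytes, the standard GCM nonce size
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts m and authenticates both m and a. With m empty the output is
// only the 16-byte tag over a: the authentication-only use of an AEAD.
func Seal(a, m []byte) ([]byte, error) {
	aead, err := newGCM(demoKey)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, demoNonce, m, a), nil
}

// Open returns m only if the tag verifies over the received a and ciphertext.
func Open(a, sealed []byte) ([]byte, error) {
	aead, err := newGCM(demoKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, demoNonce, sealed, a)
}

func main() {
	a := []byte("record sent in the clear")
	tag, _ := Seal(a, nil) // m is the empty string
	_, errSame := Open(a, tag)
	_, errModified := Open([]byte("record sent in the Clear"), tag)
	fmt.Println(len(tag), errSame == nil, errModified != nil)
}
```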