Re: [TLS] Support of integrity only cipher suites in TLS 1.3
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 06 April 2017 14:07 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B5FB129415 for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 07:07:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXyqvQ2l9VoV for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 07:07:57 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BD57127333 for <tls@ietf.org>; Thu, 6 Apr 2017 07:07:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1491487677; x=1523023677; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=3qfwf7jyzWCR/3zKkESTOgalI3iYLj/hKe7HUuVwa7w=; b=LIEY8SlwOc/l8YXY4UUyJYguvuNENbczNtwpQW+m/V0dUbaFkJwxm9/L C393LYw+4SGacSw5MilXL8RUgz9otLYQ5LoW1JD6wj4QLTJO+LDrFbYUL qhXMlkshJ8xJQhqLlnjLBYxDIcOgJrOCumjayk9j5GVfZww2p/D2TJd1X SR1suu9fn//CMewOVuBUtn9MC/OeUMsWUHI+1pmSG7Bnmt4Tw+NHuUCzs fd6O3AQ14++8eDC/UqfpvlaVwB02pFmGssmB5pTYuu3q6ycVdfEqOL7Zu xCUnl03w2dxpnmqnetMKRz3yJsCaCCpglS9eSIVgSpqZ60E6WYjBeriZY Q==;
X-IronPort-AV: E=Sophos;i="5.37,160,1488798000"; d="scan'208";a="148271843"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.5 - Outgoing - Outgoing
Received: from uxcn13-ogg-d.uoa.auckland.ac.nz ([10.6.2.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 07 Apr 2017 02:07:55 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.25) by uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.25) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 7 Apr 2017 02:07:55 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Fri, 7 Apr 2017 02:07:55 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Fries, Steffen" <steffen.fries@siemens.com>, "Salz, Rich" <rsalz@akamai.com>, Hanno Böck <hanno@hboeck.de>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Support of integrity only cipher suites in TLS 1.3
Thread-Index: AdKsldO7ZRItAwyZRXCzcLu6YsWN5QAY08wAADSTLYAAAA5OgAAf1GcAACUJ6FU=
Date: Thu, 06 Apr 2017 14:07:54 +0000
Message-ID: <1491487656110.54778@cs.auckland.ac.nz>
References: <E6C9F0E527F94F4692731382340B337847DB9A@DENBGAT9EH2MSX.ww902.siemens.net> <20170404180838.08ca99cc@pc1> <E6C9F0E527F94F4692731382340B337847F4BE@DENBGAT9EH2MSX.ww902.siemens.net> <6ebe1d10b1e8447999f5db2311ec6197@usma1ex-dag1mb1.msg.corp.akamai.com>, <E6C9F0E527F94F4692731382340B337847FB32@DENBGAT9EH2MSX.ww902.siemens.net>
In-Reply-To: <E6C9F0E527F94F4692731382340B337847FB32@DENBGAT9EH2MSX.ww902.siemens.net>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aDufd6oK1pgYrYsVj6UCDNOAYc0>
Subject: Re: [TLS] Support of integrity only cipher suites in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 14:08:00 -0000
Fries, Steffen <steffen.fries@siemens.com> writes: >One concern is that once in a while the support for TLS 1.2, e.g., in common >browsers will run out and the devices need to be upgraded to support >different versions of TLS to cope with different security policies. But well, >this is likely to be the fate for every long lasting equipment. I don't think you'll need to worry about that for a long time, if ever. The 20-year-old SSLv3 has only recently been killed off and that had some pretty serious security issues. TLS 1.0 devices will be around for years, possibly decades, and TLS 1.2 even longer. Like HTTP 1.1 (vs. HTTP/2), TLS 1.2 could well stick around forever. Peter.
- [TLS] Support of integrity only cipher suites in … Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Harlan Lieberman-Berg
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Hanno Böck
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Salz, Rich
- Re: [TLS] Support of integrity only cipher suites… Eric Rescorla
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Fries, Steffen
- Re: [TLS] Support of integrity only cipher suites… Kyle Rose
- Re: [TLS] Support of integrity only cipher suites… Peter Gutmann