IETF Logo Mail Archive

Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

Eric Rescorla <ekr@rtfm.com> Thu, 11 February 2021 19:51 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2533A18BA for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 11:51:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z30a3x5KBwXB for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 11:51:50 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB4E3A18BF for <TLS@ietf.org>; Thu, 11 Feb 2021 11:51:39 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id a25so8872786ljn.0 for <TLS@ietf.org>; Thu, 11 Feb 2021 11:51:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/9YLBeFi0R5HFtiPm/lO09OLiOQHSxkTufWwngVbmE4=; b=NXiH0+jh/4RupqNkDnbiahrKDxHL6JjbW3vcaeWcE1uazf8zre1tr4ZLckwu0l9IrG P4ouktNpvqAZiKNqrars0aiNjk7ekfa0O4yCHKoOoNZTpIc1uoWfXOMbTMVTWcz94uDr jjjQx4apjb0D6Pl9fMF4Bc6wApgu+k7zZImL/ffXUIYM5tBAlU+5ssNlpYDwLmb+ZXQk HxXAwu2oYM2/p683n16Ljq+mlPFAGZZrhstzQX0OF7sGtqyeli0CVWslAnDZ602cD/FH c51geVEmuo1Jz2VZvtE4vFbtUq57LW9v6qenS33yFyQNuRyAqEJ54wd1d1aatKdtxIOq glcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/9YLBeFi0R5HFtiPm/lO09OLiOQHSxkTufWwngVbmE4=; b=jps4Vqki6Oup5K15zh8+rhSsaStFFPZoBYNmDyQrwTpPJuuWLpvXiy91AhYor2PIBF VrPbEgWc6gA9Ee91BbrxLvjBtuUc+9fCLCzk3g2bXEQiH+FPJ9SdZtpsXSNMWVtzmSMK 2Ev7wCUS+qEDyXKUymm6csqppUpN6KiBPmIDzC5d14gkfWxgX8UatfF6Taez7v7ELWOl hxcDRmxMxpjL2wqtAes81q6RsfBY6aEfVT26Y1hfcOiovpi+iuRXezKKnRVuT7oyW5jm VlSaCmSrTNx5r797DIgWZhefaglTBT3LhDgS9G/saLwrlwzwlVUlxYdfzTLILyOg5phj E2eA==
X-Gm-Message-State: AOAM531kab51YUl4vukuBKuVUMRxGbs/MXNfG5xw+9Bzm1N9E6W/hZyk Sket8SohuQJvo2/Uyt4CDXOMdc6cvsPyRiqsoEnotw==
X-Google-Smtp-Source: ABdhPJzur1WQrSiVkgKcPtBzrAKmmlmWeP25UTL2AGhysArCsk2+T8rtK/o9a5oRwqFq4xAWs0sTvkXQJZVeQi4H27U=
X-Received: by 2002:a2e:8986:: with SMTP id c6mr5892313lji.82.1613073097626; Thu, 11 Feb 2021 11:51:37 -0800 (PST)
MIME-Version: 1.0
References: <D553EA7A-1B49-4A7F-8992-FEEFC4B7C176@ericsson.com> <CABcZeBMvZyuZKoKykR=sXADDP2Pez6yT+FCGg=10++sNj+LC-A@mail.gmail.com> <DM5PR2201MB1643321F09407F251ADC8CFB998C9@DM5PR2201MB1643.namprd22.prod.outlook.com>
In-Reply-To: <DM5PR2201MB1643321F09407F251ADC8CFB998C9@DM5PR2201MB1643.namprd22.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 11 Feb 2021 11:51:01 -0800
Message-ID: <CABcZeBPjTKRE52QsZxAm9NWk_4rrNx583njJ4W-TggTm3SXDyQ@mail.gmail.com>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "TLS@ietf.org" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fb256005bb14d87c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aGIgJfUbKIf85hA35jpktfKxuYQ>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 19:51:52 -0000

On Thu, Feb 11, 2021 at 11:13 AM Jack Visoky <jmvisoky@ra.rockwell.com>
wrote:

> Hi John, Eric,
>
>
>
> Thanks for the input. We will certainly make some changes to the draft
> regarding the inspection case. However, I can’t support removing the
> performance/latency information completely, as I have heard from those who
> have this very concern. That said, we will edit the language to make it
> clear that this is not true in all cases.
>

Well, the draft just claims that there are latency concerns, but doesn't
present details. If you want to make this case, it would be helpful to
present performance numbers that show that these ciphersuites are
substantially faster than the alternative algorithms (in particular
ChaCha20/Poly1305) which is quite fast on many low end platforms.

-Ekr

v2.23.0 | Report a Bug | By Email