Re: [TLS] Authentication Only Ciphersuites RFC

John Mattsson <john.mattsson@ericsson.com> Wed, 27 February 2019 12:23 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Tony Putman <Tony.Putman@dyson.com>, Jack Visoky <jmvisoky@ra.rockwell.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 27 Feb 2019 12:23:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/abA5jAgxwCu_PCFpEbU2MbSoWSE>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi,

The document repeats the requirement of low latency several times. It would be interesting to know which platforms/networks/deployments you have in mind. My understanding is that HMAC-SHA-256 only has better latency than AES on slightly longer messages where the larger block size matters. Short messages are common in many IoT deployments. Looking e.g. at the benchmarks at https://bench.cr.yp.to for "armeabi; Cortex-A5 (417fc051)" on 64 byte messages, SHA-256 alone requires significantly more cycles than AES-GCM for 64 byte messages.

Cycles/byte for 64 bytes
86.14     86.73     93.59     sha256

Cycles/byte for 64+0 encrypt
24.20     24.20     24.34     aes128gcmv1

On more constrained processors such as the Cortex-M0, AES128-CCM also seems to have lower latency than HMAC-SHA-256 on short messages (37677 cycles vs. 48924 cycles) https://github.com/ctz/cifra. On longer messages, HMAC-SHA-256 likely has lower latency (https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf). Note that this pdf shows timing for SHA-256, not HMAC-SHA-256.

Increasing the tag size from 8 bytes (CCM_8) or 16 (GCM) to 32 or 64 may also increase the latency as these additional bytes have to be transmitted.

/John

From: TLS <tls-bounces@ietf.org> on behalf of Tony Putman <Tony.Putman@dyson.com>
Date: Wednesday, 27 February 2019 at 11:17
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC

I take no position on whether this is a good idea or not. Regarding the draft itself, I was expecting to see a clear definition of the integrity check computation in terms of an AEAD-Encrypt computation. Something along the lines of:
  AEAD-Encrypt-HMAC(write_key, nonce, additional_data, plaintext) =
    plaintext || HMAC(write_key, nonce || additional_data || plaintext)

In particular, AIUI, nonce must be included to prevent replay attacks. Also include N_MIN = N_MAX = 8 bytes.

-- Tony

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Jack Visoky
Sent: 26 February 2019 20:54
To: tls@ietf.org
Subject: [External Mail] [TLS] Authentication Only Ciphersuites RFC


TLS Colleagues,

If you recall we discussed a draft for authentication only ciphersuites over email back in August of 2018.  We've since made some updates to that draft.  We also have gotten IANA assignments to the authentication only ciphersuites for TLS 1.3 and have updated the draft to reflect the new assignments.

To that extent, as the IoT community is looking to adopt these ciphersuites, we would like to solicit review of the draft:



    https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02



and request that it be published as an informational draft given that the IoT forums are looking to adopt its use and the draft can serve as the guide for use and interoperability.

Thanks and Best Regards,

--Jack (and Nancy)
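
The AEAD-Encrypt-HMAC definition suggested in the thread, and the point that the nonce must be covered by the MAC to stop replay, as an added Python example (not code from the draft or from any participant). It assumes an untruncated HMAC-SHA-256 tag and an 8-byte nonce equal to the record sequence number; the key, record header and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag, untruncated (assumption)


def nonce_for(seq: int) -> bytes:
    # Assumption: the 8-byte nonce (N_MIN = N_MAX = 8) is the record sequence number.
    return struct.pack(">Q", seq)


def aead_encrypt_hmac(write_key, nonce, additional_data, plaintext):
    # plaintext || HMAC(write_key, nonce || additional_data || plaintext)
    mac = hmac.new(write_key, nonce + additional_data + plaintext, hashlib.sha256)
    return plaintext + mac.digest()


def aead_decrypt_hmac(write_key, nonce, additional_data, record):
    if len(record) < TAG_LEN:
        raise ValueError("record shorter than tag")
    plaintext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = aead_encrypt_hmac(write_key, nonce, additional_data, plaintext)[-TAG_LEN:]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return plaintext


class Receiver:
    """Tracks the next expected sequence number, as a record layer would."""

    def __init__(self, write_key, bind_nonce=True):
        self.write_key, self.bind_nonce, self.seq = write_key, bind_nonce, 0

    def accept(self, additional_data, record):
        nonce = nonce_for(self.seq) if self.bind_nonce else b""
        try:
            aead_decrypt_hmac(self.write_key, nonce, additional_data, record)
        except ValueError:
            return False
        self.seq += 1
        return True


def replay_outcomes():
    """Deliver one record, then replay it; return (with_nonce, without_nonce)."""
    key = bytes(range(32))              # constructed sample key
    header = b"\x17\x03\x03\x00\x2b"    # constructed 5-byte record header (length 43)
    msg = b"valve=open\n"               # constructed 11-byte payload
    results = []
    for bind in (True, False):
        record = aead_encrypt_hmac(key, nonce_for(0) if bind else b"", header, msg)
        rx = Receiver(key, bind_nonce=bind)
        results.append(rx.accept(header, record) and rx.accept(header, record))
    return tuple(results)
```

`replay_outcomes()` returns `(False, True)`: the replayed record is rejected when the nonce is inside the MAC and accepted when it is not. The 11-byte payload goes out as a 43-byte record, which is the tag-size transmission cost raised earlier in the thread.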


