IETF Logo Mail Archive

Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC

Jack Visoky <jmvisoky@ra.rockwell.com> Wed, 27 February 2019 17:05 UTC

Return-Path: <jmvisoky@ra.rockwell.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0D52131068 for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 09:05:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ra.rockwell.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRhQv5t8eqhI for <tls@ietfa.amsl.com>; Wed, 27 Feb 2019 09:05:12 -0800 (PST)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-eopbgr690049.outbound.protection.outlook.com [40.107.69.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23EDB1310CA for <tls@ietf.org>; Wed, 27 Feb 2019 09:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ra.rockwell.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=as2wFEQDpwjhIZJjtQ1qSr6GS+w7AlUQuB+0YuJmSzQ=; b=KQ5TVRvIuU8stin8SA+IEqmb1uc2dbkJTXgE6xqyhyb/aaGo2kbAkhZ/Sr3iGoG9sFRPJsJdqQ+RFXUFneuay9eWvdN22O4bU7etfWCfymsWu4/GwQunTXxvCaTeCwCpdYll4mZEDyPy5itPAldnrY+FrlAXZ0NI2vM+/ZUvFM4=
Received: from BN6PR2201MB1092.namprd22.prod.outlook.com (10.174.88.29) by BN6PR2201MB1186.namprd22.prod.outlook.com (10.174.85.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.15; Wed, 27 Feb 2019 17:05:10 +0000
Received: from BN6PR2201MB1092.namprd22.prod.outlook.com ([fe80::dd5e:b340:8fa8:b113]) by BN6PR2201MB1092.namprd22.prod.outlook.com ([fe80::dd5e:b340:8fa8:b113%5]) with mapi id 15.20.1665.015; Wed, 27 Feb 2019 17:05:10 +0000
From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: David Wong <davidwong.crypto@gmail.com>, Hanno Böck <hanno@hboeck.de>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC
Thread-Index: AdTOFIIaiE+qoBOKQdSotuuQ5A30qAAAjqKAAAPYEoAAJhYTEA==
Date: Wed, 27 Feb 2019 17:05:10 +0000
Message-ID: <BN6PR2201MB109206A76E8A3B14C3DDA9C699740@BN6PR2201MB1092.namprd22.prod.outlook.com>
References: <BN6PR2201MB1092B0FAD8AB0334CF151996997B0@BN6PR2201MB1092.namprd22.prod.outlook.com> <20190226220335.0d75968f@computer> <CAK3aN2rQS4f4XafS7JFF6YPDsKbCEwoRktWfP4M=YNGVTr7_-w@mail.gmail.com>
In-Reply-To: <CAK3aN2rQS4f4XafS7JFF6YPDsKbCEwoRktWfP4M=YNGVTr7_-w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=jmvisoky@ra.rockwell.com;
x-originating-ip: [205.175.250.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0e2d5f78-d2f3-4531-fb90-08d69cd5bb63
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4618075)(2017052603328)(7153060)(7193020); SRVR:BN6PR2201MB1186;
x-ms-traffictypediagnostic: BN6PR2201MB1186:
x-ms-exchange-purlcount: 3
x-microsoft-exchange-diagnostics: 1;BN6PR2201MB1186;23:7/U3JHCSVgxDAnWIJoTpCAoVm49aEyAhDz/J6KuD9SlX7BpWmReKR18rb0y+Myrh8ZLnDuVjPUhyB641FplCLzKsNwn014ZOYqKTBwjwJO8znqcVWP44+ZUToLbvheue0spDdBaLg54LtlIjuDEvWTCrxwTCDd71MLB9uQiXKl1FuggpbcExA1UAvitdtUQy5ilVBikUqP8u1CgDJwH9pxMhDvzJUXIATJFynkmQEFLfSEBlDSaXb5FmNtGAJU2JRmR08Sv1f+8MoZmaekUSwSMyBRpkGEMB+FvUa1S+W7AiYkHoJ1H9Vpf9HLDBMmFbh30uZRCkZE/Wv620ul1Ww4uxZAkiZdEHpb6EYXa7YlWxeRYhcl2SExElO8a6n8eeZqHBuC3hCc5N4f3CVuzFIPE7ZFd+pou80v00r6nJeSMmTsoHnMBy+rVnDGMYYwFcKO2UF80DHBI7yhn+zM27GsDk08vpHIjZQcNBcdQnNfg6XADr3h6Jf75Dm8oiqUMwOOxpeajD6dp+otQyDfwHQfN6qS8mGGEaIXUpsEpLkglFrWVEAvBsc/brANxIY346TjQuuWI6D1D4SyyOPCJsGcr/6OJdMXyGGsBqXnlCoxFsP2StOMVtGU4n2ieFrhpprM4X4mVpQCLVDLjqFKFzdMzoBOl3ge0Z7hsAqOS3tjk7ts2TI057vFPWJfH37n4a/WX961mv2fVMJdlHG7p+wB6up1XcIvg85cQzhYh7Mp1HqMQ0dIr36rx7TYVxgMAzogIqFh4hWj0kVtdCk/xwZ4Iz2RUfhNkZs/NR/NqrqR/F2eF1o8obnvVlC/3ueJpiNA+XcHvyZSkvFLow4RiBRu0UdF0fWcdzzaW9q0AKHQNQkx+ayQtcTV6f8w30GZj+10mVFxZ/Na4AH0OjbYXJn5H9CFxmMZbzTSeqNVFxvgiSOwdW/kkBSYnjWzbNWwiryzzAbx4SzpJtLc47CLcQ15TT4RItf/SCy4qj4+rTXieap12VytTL+MrRrEJ0ULXYjJ1Vpbh/wjDuxIjJdMFe9zhjCWjpdkfAjtnrId0tijwuy6+9cMJVpJDaU0qRcIGgDqXIUqO1k8EYPrY4imiyGGCiHWOt1+YGBfbh0yN+G3iRbJXi9FZXFMgwfn5kYrfF54cCs20FiVR1jR+e0UlVwI0euDyVJ8EWqjYDKY6pgW7CLkzrUkXEvEN4l3iZ70ZFB+Vq0+/kwKV+2G0F9Htzc4sttZX3JJmaVZneArML+FXBaRT9AcvwbtC5KQkn6kpGEEdrVz069f1thkR6E8pmYto/kMeLNwEeY+M+tKpAg+JfcEJIauJ6DTc97Ec/e68sOSWiNTiv4dU48K9tHpXQ1g==
x-microsoft-antispam-prvs: <BN6PR2201MB11862CB3B40593E3A799829699740@BN6PR2201MB1186.namprd22.prod.outlook.com>
x-forefront-prvs: 0961DF5286
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(396003)(39860400002)(376002)(136003)(346002)(54094003)(189003)(199004)(13464003)(33656002)(6436002)(6246003)(105586002)(5024004)(14444005)(86362001)(25786009)(229853002)(256004)(106356001)(4326008)(99286004)(110136005)(7696005)(76176011)(8676002)(81166006)(81156014)(74316002)(305945005)(7736002)(8936002)(53936002)(316002)(68736007)(9686003)(55016002)(6306002)(14454004)(478600001)(97736004)(966005)(66066001)(3846002)(6116002)(2906002)(476003)(446003)(486006)(66574012)(11346002)(71190400001)(71200400001)(186003)(26005)(102836004)(5660300002)(53546011)(52536013)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR2201MB1186; H:BN6PR2201MB1092.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ra.rockwell.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: QcR8Q3YYRo7zFGwnftgWNqmS0D6vQySaQpJ3uwcbu+Wf9NKblfKVtdyKzKnyGuuRwfeDII6XFO9+8eXyAAXga1l7TjEckJQVs9kT4hCrc8IwogQyoPbgK6rz2nqceIVayhpU4sFCrUsEAcYVbolxyiFXES9AAUwvAim4FqWotLUv/wJalVvZek+s+/zkoMAmcP9mfcuEi6/mHKpMm8+UvKeQXDLqj1VQ28bqeWrxbbKlZZkLHNeqTubk0xx3fChr+K5rkgKFHkiTPEvLrKdP6HtF8vhXDsQgSuv7RXateOblh6JwKdLfSKNjZvQnngMer6a5Dt0cWJAU6iZS3STGWODxb/1iRYotwfqKPxoiad150m1pMe56oirEcSZwWQ4uQ/VylbdD55KoCUCLubD8+pyni67Z5x900JG0n/jYLQo=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ra.rockwell.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e2d5f78-d2f3-4531-fb90-08d69cd5bb63
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2019 17:05:10.4071 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 855b093e-7340-45c7-9f0c-96150415893e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2201MB1186
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6h_4YgaTK_6b-XziWcbTK2mWPMY>
Subject: Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 17:05:21 -0000

Hi David,

Thanks for sharing this, although the strong preference is to use standard TLS for securing the communications.

Thanks,

--Jack

-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of David Wong
Sent: Tuesday, February 26, 2019 5:54 PM
To: Hanno Böck <hanno@hboeck.de>
Cc: <tls@ietf.org> <tls@ietf.org>
Subject: EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC

[Use caution with links & attachments]



Shameless plug, but have you looked at constructions like Disco
(https://eprint.iacr.org/2019/180) that target specifically this issue?

David


On Tue, Feb 26, 2019 at 10:04 PM Hanno Böck <hanno@hboeck.de> wrote:
>
> I think I have raised my concerns before, but I have serious doubts 
> there's real need for such ciphersuites.
>
> The reasoning seems to be that performance constrained devices are 
> unable to do "normal" TLS. I don't have benchmarks, but it's my 
> experience that people vastly overestimate the costs of symmetric 
> encryption operations (by far the largest computational cost of TLS is 
> the asymmetric handshake). I wonder if the people who believe they 
> need an authentication only ciphersuite ever ran tests.
>
> I also see a non-neglegible risk in standardizing such ciphersuites.
> Some implementations will end up adding them and coupled with 
> implementation flaws we may end up in a situation where inadvertently 
> insecure ciphersuites are chosen.
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: hanno@hboeck.de
> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email