IETF Logo Mail Archive

Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

John Mattsson <john.mattsson@ericsson.com> Wed, 10 February 2021 09:14 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC33F3A0F3D for <tls@ietfa.amsl.com>; Wed, 10 Feb 2021 01:14:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level:
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P7HrmSEvUDBC for <tls@ietfa.amsl.com>; Wed, 10 Feb 2021 01:14:44 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80050.outbound.protection.outlook.com [40.107.8.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 088F03A0F46 for <TLS@ietf.org>; Wed, 10 Feb 2021 01:14:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bln6OHoeGTZdS05NFFdCHwE+eGrVmackXxFGCYi4rwg4zqBd2uTZrlY/JwboPLYR24BJApx8OJBOryMmhvW2jquEAxdv/D+F/TjuzSR53bEjSTywlWdNhB68kgE2/W5klzRGZquIQwE3abp2sORnuO+ByItMl+fcZsqtufD4OygWaBy9yeJBjjGL1l1J8/JcnP0infDvfqQNF/P6eSDekaobc30xiJaVuGKAPpgLXM45nkftXo6aWqj/BUtHbDeA9j2+tzVDWTuC4lqUoK3bnhDRXkPghMY6o/1GPDMkVGd333/KcKtAbBggfoxO/ZZEhwXBzvivaPIqMsFnKijWQQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ibeMCynFdm66d6YSNy6mVmOEa0BtfNaBZHCQ9A+UGbk=; b=f7CvIouTi4nhkLhfqw6UK7L2hL5wJM9w42Fs5OdNpMWPQLgs5Blo6ASkogvsLgy29nw/lYiwPFeQ8FwalHqTGm12GBwRzBqjOtwUfc+DPDc58hfb6VRLmfziD3UmCDNQTejPpPz3NyRbmDYPOO8YG7u/+Llv8GqE5uazZhkLYhBfz/PSgEbCxM4oM2OoyN08bKGvc/rBmZf+EzQCCkxO9vtUDXLRcCrfE34F/Gf2woaMMBpIlmCWDkWcmVDD77iHGH8hkCaVJV8Di5Amat7N4WOIq5g/+uMx7KGYWVPesQz2N0th57qS0F2eONF/pemJwqwq5CmDNluOBh6dnB2kJQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ibeMCynFdm66d6YSNy6mVmOEa0BtfNaBZHCQ9A+UGbk=; b=TFhiRXXO7h3mbfBQf5BsvDbWdzg1isYKbR1qh9/zsqGaqWcttZvweyThGmep68w/RRU1tV5CRVHonBQwtsJ1ds8ZmicNQP2Klw+m7zHALPVDTd2LlzNGK6PBmKBAyUWESp/t2j4G9VNQVnxUfp7u95rkqhWL0QLdkyxX542GdcI=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2938.eurprd07.prod.outlook.com (2603:10a6:3:4b::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.11; Wed, 10 Feb 2021 09:14:39 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268%11]) with mapi id 15.20.3846.027; Wed, 10 Feb 2021 09:14:39 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
Thread-Index: AQHW/40oXImahIMe80u/3S9Krmf96w==
Date: Wed, 10 Feb 2021 09:14:39 +0000
Message-ID: <378F0459-19FB-4A38-83E0-85024AF42237@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 01e51468-8eb1-49b2-126b-08d8cda44b2d
x-ms-traffictypediagnostic: HE1PR0701MB2938:
x-microsoft-antispam-prvs: <HE1PR0701MB2938670BB9105232C26C0669898D9@HE1PR0701MB2938.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2Kbn0i2KSR5dvUjUo4cvIyyKmWBc2fO9AoxmQU6n4R6iieN7rLtbzX5tXMrwLgaHq6gtkHn93hjECgFVYnpb1LbvU7fmrxZUSyC0Ccjovikposeocd+sC2SRnkqBjpPTAC1lUw1jiKVyjG+NiVSowKNF0PT8zaMA9plkmUY3HOhFw6X+m6xLDn0DjtbGs1MCVTbtpB0hE9vzpastVcWhxVP7eawKGu7ReKTBN3dB4xcUnPSAGCtguY0ebY3k8y1iF4UNJ83yj4o2Cw/NfKJ95VIjpbGk3akTlU8xeDceCRF3A6Mzx2KfeZ6rR0nrEQxBLOCLI24IPOJGKNFKihDJP3c1Oq4ZMzjCiJnfEy022jCF9g5JjM5DA1sbZDYq6wOo6Ij4DynGUyqP1ArHzpQ2ZmdJE7teVddlLZjs1R1afGFamqVZI4CXaUkH5gZdQwEvGib7dtmY439ouXxZ/O2GtnJDSSJdS2GF1LOaRZGNRicZoaeiIJHGXtzkj8jg6vNOQUTegFdOGRVY0yK1+kL/YR339MTOltLk1FB48gzHrS1KFiuOS2GQePtS1cj3agwsw2FrJv8BR+Kc0uufikgERQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(396003)(376002)(39860400002)(136003)(86362001)(83380400001)(33656002)(8676002)(66556008)(66946007)(66476007)(66446008)(64756008)(71200400001)(5660300002)(478600001)(76116006)(2906002)(6916009)(186003)(26005)(6506007)(8936002)(6486002)(6512007)(36756003)(44832011)(2616005)(316002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: g2CQtQulfCe3qVbp34cv1JdnF0KfLlgVUnlLT6pXTlvfbileayHXlg0ssazOAa4t9KzNedxoatUf6YZ3B7Hznnhh+d8shStxNV2gN0ZbGtrul/LXz19ZnY69DVZfaKzGr99FAWQWFuj0bVq9Gg5ZBev3Y6u6Wnh2orSAL1UKtH81h4J7XcLFFimTn7rT/TtNWtFGnUU5fzKiwCczKAa7Z5yBThcHTKmFVF1lu6AQfBc4GOHVGkl+kZWMotmGxD/HY4mQ6rbcZaznxPU3dWnYFVXx9d0KhblDKgVDWsclWik6ajh5OudmFV6GS2/wLCe0pIMNizqFFBWnID/l67+bTWFJXsvRvW/V0tJEvI6ppDe5dWm1k5LIvGRrXsdySU9+GWO/m3ck2CJmEp6URWfJUpkOewhlDEzyl1KDhVzxN+BpLA5Cu7Ejw32CfxeRsMsPyNtirWVRoOtmb6l+eC1IksZwRvyqMdDwOj+G5p/ki64f9Uj8OADSE0ed8hWJft1SMbAyqjnZKcKAtD3N//3kvqV2Ax11vvd8MwZrVDGP1JiFZ2At0cKkUbRI2uHlVXotEYLuumr6ws2S+qknprdvYH1YZPMOl06jWwdcKUkF5jP43jtdd0DGqCOPSfPPeStsFhZWFkX8hp6nhIAnuicwW2ffSPePt0n+V/qeE2PPNd77GUgb2ztt7iHgRDFS7mf55p5Xz7esrDs8XtTLVXOUGfqiaTtJrYV2PJpMPjkw39LGDcuhgkx4YRAPCAprnWwPC8Nnc+s+lve6mL+4KHUGQZDI5lkKZTIlf9Vf166vWhd5GUYALy+9S1eoIGza8Ew+Czin54cGWfKsf0fCxahx6URWaj55uw3yePwx7EphPb41VByVrFdfI2Owt5FFqGf097rHZS/VvxTwzFZbKKSaOxsmfvpv/LJvgswfXqercGzTGMbk9fXpA8/fVsKl7Qo1zEnK6F8JzwXwaWmtXqixa/Y0n/CxOoHdW3aY7xHPhZRqGaHoxatFbIawkFPToNFpFWyhMztxc3S6I50zNFDQn6wmSZ70Ll18xtrAE+DkxgMt76vVRJRIHwDxsmVFRMtyAkaQvG7k2WDnouCVPwUyT/vUDelldln667+Ig2byizA4+/vMKwAhr3aYRpdY2pS1AD3y+Q7TwVY60wnmAIGovb1CxgpiPz9zCUkNejuE/IovJBeBUlRGX4jO9UNsk4hBcy/pMe8nizYjcSHY0oGbn5IWKgnHrWiHVsHtPSa182k4RTcTrTCKVAHcjD3ui+R4uN43GHjFSeHuOIrz2TOOx7yW7wL8sdcFWOVnWSfkyyDJFU2W9lIljaDWtLyvClQn
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E25B86E4FA2D6C42837479CDC28484D2@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 01e51468-8eb1-49b2-126b-08d8cda44b2d
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2021 09:14:39.1221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dfVYE602CZjVh509BseOUnct+ubPV8MZImwMLj+NrHHGP4rdQHLUiSS80P2UabxLgfqYxVfrs1ptlD8roRIoFoAl++aKDtkS/f0cEKo9SYQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2938
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gpOnSHnWFwpKUT56RsTpZqfVJyk>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Feb 2021 09:14:46 -0000

Hi,

- The draft has a lot of claims regarding benefits:

  "strong requirement for low latency."
  "minimize the cryptographic algorithms are prioritized"
  "important for latency to be very low."
  "pay more for a sensor with encryption capability"
  "come with a small runtime memory footprint and reduced processing power, the need to minimize"
   the number of cryptographic algorithms used is prioritized."

  I don't think this draft should be published as long as it gives the idea that sacrificing confidentiality has significant benefits for latency, memory, processing power, and cost. This is in general not the case.

  The two cipher suites TLS_SHA256_SHA256 and TLS_SHA384_SHA384  defined by the draft causes much more message expansion (32 and 48 bytes tags instead of 16 or 8 bytes) than the already registered cipher suites for TLS 1.3. In many IoT radio systems with small frames this will leads to significantly increased latency. I think that needs to be mentioned.


- The draft has ridiculous amount of sentences saying that confidentiality is not strictly needed.

  "do not require confidentiality"
  "privacy is not strictly needed"
  "no strong requirement for confidentiality"
  "no requirement to encrypt messages"
  "no need for confidentiality"
  "reduced need for confidentiality"
  "confidentiality requirements are relaxed"
  "do not require confidential communications"
  "does not convey private information"
  "without requiring the communication to/from the robotic arm to be encrypted"
  "doesn't grant the attacker information that can be exploited"
  "no confidentiality requirements"

  It would be more honest if the draft simply stated that "the are use cases that require visibility". If visibility is not a requirement for the use cases, I think IETF could help you to standardize SHA-2 only cipher suites offering confidentiality.


- The draft mentions that the security considerations regarding confidentiality and privacy does not hold. The draft does not mention that it breaks one of the stated security properties of TLS 1.3, namely "Protection of endpoint identities". This is actually quite problematic. EAP-TLS 1.3 relied on this stated TLS 1.3 property to be true. 

John

v2.23.0 | Report a Bug | By Email