IETF Logo Mail Archive

Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 26 February 2019 22:20 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D811F1200D8 for <tls@ietfa.amsl.com>; Tue, 26 Feb 2019 14:20:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ibyxPx74R9r for <tls@ietfa.amsl.com>; Tue, 26 Feb 2019 14:20:33 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98CA812D4F3 for <tls@ietf.org>; Tue, 26 Feb 2019 14:20:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5CF55BE53; Tue, 26 Feb 2019 22:20:30 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bLAm2cFmcplo; Tue, 26 Feb 2019 22:20:28 +0000 (GMT)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 08B92BE4C; Tue, 26 Feb 2019 22:20:28 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551219628; bh=MrianR3BlLz/V6EOvIUTiGbqDS+232bzY5n+o/8uxQM=; h=Subject:To:References:From:Date:In-Reply-To:From; b=pBOu8SoIfG2ifRyvS+HF36/shSl03XRRxAxeoSrww2NiRu/kPsGcOdJIvIld+g0et JU78Vdh+y4qt0Tj+3PX4EC4KYg0+YSFSsCvq4zOJN6J4WaVGhfmdDHUy77KIIt8MeQ Mrdgy1pTvwFyK0Quy9jW4G+R8LPnVw8Kq3AzQ2EE=
To: Jack Visoky <jmvisoky@ra.rockwell.com>, Hanno Böck <hanno@hboeck.de>, "tls@ietf.org" <tls@ietf.org>
References: <BN6PR2201MB1092B0FAD8AB0334CF151996997B0@BN6PR2201MB1092.namprd22.prod.outlook.com> <20190226220335.0d75968f@computer> <BN6PR2201MB1092253ADEAB76CD72B8976D997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <2707f00f-70da-f57c-18a3-49b22652adb8@cs.tcd.ie>
Date: Tue, 26 Feb 2019 22:20:26 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <BN6PR2201MB1092253ADEAB76CD72B8976D997B0@BN6PR2201MB1092.namprd22.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="T3c2d8wRLLWftnVz5ApW9nkzvkipPhyuD"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kVcY7JYsJT8gDRK72gK5aoAVEy0>
Subject: Re: [TLS] EXTERNAL: Re: Authentication Only Ciphersuites RFC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2019 22:20:36 -0000

FWIW I tend to agree with Hanno. Sending this to the ISE is
likely better if an RFC is even needed. We already opened up
the ciphersuite registration process to allow this kind of
thing without the WG having to try (and sometimes fail to)
reach rough consensus on things like this.

On 26/02/2019 21:26, Jack Visoky wrote:
> Hi Hanno,
> 
> We have done tests on this and it there is a difference.  For some 
> industries (industrial automation) throughput is very sensitive so 
> what might appear as a small difference can actually be quite 
> significant.  On that same note, yes you are absolutely correct that 
> the asymmetric handshake is far more computationally expensive. 
> However, this generally happens at the start of a connection where 
> timing is less sensitive.  Once the application I/O is actually
> being sent/received is when the performance really becomes
> sensitive.
> 
> Point taken that the ciphersuites could be used within an
> application where it isn't appropriate, however this would have to be
> weighed against the benefit of industries adopting TLS 1.3 and
> securing the many IoT applications that desire this.

That last appears to contradict the text in the draft itself
that says that these ciphersuites are for niche use cases.

For non-niche cases we really don't want to see use of these
ciphersuites.

Cheers,
S.

> This probably goes without saying but of course the best line of
> defense is to properly design, build, and configure the
> implementation.  I recognize that doesn't completely obviate your
> point but it does seem relevant.
> 
> Thanks,
> 
> --Jack
> 
> -----Original Message----- From: TLS <tls-bounces@ietf.org> On
> Behalf Of Hanno Böck Sent: Tuesday, February 26, 2019 4:04 PM To: 
> tls@ietf.org Subject: EXTERNAL: Re: [TLS] Authentication Only 
> Ciphersuites RFC
> 
> [Use caution with links & attachments]
> 
> 
> 
> I think I have raised my concerns before, but I have serious doubts 
> there's real need for such ciphersuites.
> 
> The reasoning seems to be that performance constrained devices are 
> unable to do "normal" TLS. I don't have benchmarks, but it's my 
> experience that people vastly overestimate the costs of symmetric 
> encryption operations (by far the largest computational cost of TLS 
> is the asymmetric handshake). I wonder if the people who believe
> they need an authentication only ciphersuite ever ran tests.
> 
> I also see a non-neglegible risk in standardizing such ciphersuites.
>  Some implementations will end up adding them and coupled with 
> implementation flaws we may end up in a situation where
> inadvertently insecure ciphersuites are chosen.
> 
> -- Hanno Böck https://hboeck.de/
> 
> mail/jabber: hanno@hboeck.de GPG: 
> FE73757FA60E4E21B937579FA5880072BBB51E42
> 
> _______________________________________________ TLS mailing list 
> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls 
> _______________________________________________ TLS mailing list 
> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email