IETF Logo Mail Archive

Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites

Bill Frantz <frantz@pwpconsult.com> Thu, 11 February 2021 14:55 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A2D83A1677 for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 06:55:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IVmnrkENgxH0 for <tls@ietfa.amsl.com>; Thu, 11 Feb 2021 06:55:32 -0800 (PST)
Received: from elasmtp-curtail.atl.sa.earthlink.net (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 668623A1675 for <tls@ietf.org>; Thu, 11 Feb 2021 06:55:31 -0800 (PST)
Received: from [66.31.15.242] (helo=Williams-MacBook-Pro.local) by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <frantz@pwpconsult.com>) id 1lADNR-0003d4-Fm for tls@ietf.org; Thu, 11 Feb 2021 09:55:29 -0500
Date: Thu, 11 Feb 2021 09:55:28 -0500
From: Bill Frantz <frantz@pwpconsult.com>
To: IETF TLS WG <tls@ietf.org>
X-Priority: 3
Message-ID: <r480Ps-10146i-B7644173C08B43338EC7C1E5C57FE8C4@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4.3 (480)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec79ac135d8e15e28b13591b65dd25c5a14c350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 66.31.15.242
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r2CBhiH8wSpcFBXFIfpaCEdev6s>
Subject: Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 14:55:35 -0000

On 2/11/21 at 9:01 PM, rsalz=40akamai.com@dmarc.ietf.org (Salz, 
Rich) wrote:

>>I would just like to recognize that there are some situations where it isn't needed.
>
>Can you explain why TLS 1.2 isn't good enough for your needs?

In my experience, there are many attacks that aren't anticipated 
by the designers, but are successful. How can anyone know that 
you don't need privacy?

Back in the dark ages, I was working with a protocol which 
provided the same basic assurances as TLS does: confidentiality, 
authentication, and integrity. It and TlS also provide some 
other important assurances, such a one-time, in order delivery, 
which we also depended on. When we looked at a similar protocol 
which didn't provide confidentiality, we discovered that there 
was application level data that needed to be kept secret or the 
application's assurances would be violated.

In all honesty, it's probably cheaper to just provide 
confidentiality than it is to do the analysis and protocol 
proofs to show you don't need it.

Cheers - Bill

--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-348-7900       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

v2.23.0 | Report a Bug | By Email