Re: [TLS] EXTERNAL: TLS 1.3 Authentication and Integrity only Cipher Suites
Bill Frantz <frantz@pwpconsult.com> Thu, 11 February 2021 14:55 UTC
Date: Thu, 11 Feb 2021 09:55:28 -0500
From: Bill Frantz <frantz@pwpconsult.com>
To: IETF TLS WG <tls@ietf.org>
Message-ID: <r480Ps-10146i-B7644173C08B43338EC7C1E5C57FE8C4@Williams-MacBook-Pro.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r2CBhiH8wSpcFBXFIfpaCEdev6s>
On 2/11/21 at 9:01 PM, rsalz=40akamai.com@dmarc.ietf.org (Salz, Rich) wrote:

>>I would just like to recognize that there are some situations where it isn't needed.
>
>Can you explain why TLS 1.2 isn't good enough for your needs?

In my experience, there are many attacks that aren't anticipated by the designers, but are successful. How can anyone know that you don't need privacy?

Back in the dark ages, I was working with a protocol which provided the same basic assurances as TLS does: confidentiality, authentication, and integrity. It and TLS also provide some other important assurances, such as one-time, in-order delivery, which we also depended on.

When we looked at a similar protocol which didn't provide confidentiality, we discovered that there was application-level data that needed to be kept secret or the application's assurances would be violated.

In all honesty, it's probably cheaper to just provide confidentiality than it is to do the analysis and protocol proofs to show you don't need it.

Cheers - Bill

--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-348-7900       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident. - William Hugh Murray
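The point of the message above, that an authentication-and-integrity-only channel still delivers its tamper and replay guarantees while putting every application field on the wire in the clear, can be shown with a small model. The following is an added example, not code from Bill Frantz's message, from the TLS working group, or from any TLS implementation: it is a toy MAC-only record layer (sequence number, payload, HMAC tag, no encryption), not the TLS 1.3 record format. The shared key, the record layout, the class and function names, and the JSON application message with its "session" field are all constructed for the illustration.

```python
"""Toy model of an authentication-and-integrity-only record layer.

Added illustration, not TLS: each record is seq || payload || HMAC(key, seq || payload),
so the receiver can detect tampering and replay, but an on-path observer reads
the payload without any key. The application message is constructed to carry a
field (a session token) that the designer did not think of as secret.
"""
import hashlib
import hmac
import struct

SEQ_LEN = 8   # big-endian record sequence number
TAG_LEN = 32  # HMAC-SHA256 tag

# Constructed shared key for the demo; a real protocol derives it from a handshake.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"


class IntegrityOnlyRecordLayer:
    """One direction of a MAC-only record layer (hypothetical, for illustration)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.send_seq = 0
        self.recv_seq = 0

    def seal(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.send_seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.send_seq += 1
        return header + payload + tag  # payload leaves in the clear

    def open(self, record: bytes) -> bytes:
        if len(record) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated record")
        header = record[:SEQ_LEN]
        payload = record[SEQ_LEN:-TAG_LEN]
        tag = record[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.recv_seq:
            raise ValueError("replayed or out-of-order record")
        self.recv_seq += 1  # advance only after a good record
        return payload


def passive_observer_reads(record: bytes) -> bytes:
    """What an on-path observer with no key recovers: everything but the tag."""
    return record[SEQ_LEN:-TAG_LEN]


def active_attacker_tampers(record: bytes) -> bytes:
    """Flip one payload byte without knowing the key."""
    i = SEQ_LEN  # first payload byte
    return record[:i] + bytes([record[i] ^ 0x01]) + record[i + 1:]


def run_demo() -> dict:
    sender = IntegrityOnlyRecordLayer(DEMO_KEY)
    receiver = IntegrityOnlyRecordLayer(DEMO_KEY)

    # Constructed application message: the command was judged harmless, but the
    # record also carries a session token the application's own assurances rely on.
    app_msg = b'{"cmd":"set_valve","pct":40,"session":"tok-3f9c","by":"alice"}'
    record = sender.seal(app_msg)

    results = {"observer_sees": passive_observer_reads(record)}

    try:
        receiver.open(active_attacker_tampers(record))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True

    results["delivered"] = receiver.open(record)  # genuine record is accepted

    try:
        receiver.open(record)  # the same record presented a second time
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

Running it shows the receiver rejecting the tampered and the replayed record while accepting the genuine one, and the observer recovering the whole JSON payload including the session token; the integrity and ordering assurances hold exactly as designed, and the leak comes from a field nobody classified as secret when the channel was chosen.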
- [TLS] TLS 1.3 Authentication and Integrity only C… Ben Smyth
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ben Schwartz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Peter Gutmann
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ben Schwartz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Salz, Rich
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Rob Sayre
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Salz, Rich
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Viktor Dukhovni
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Stephen Farrell
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Benjamin Kaduk
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Bill Frantz
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Ira McDonald
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Eric Rescorla
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… Jack Visoky
- Re: [TLS] EXTERNAL: TLS 1.3 Authentication and In… John Mattsson