Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

Jack Visoky <jmvisoky@ra.rockwell.com> Tue, 21 August 2018 17:02 UTC

From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ted Lemon <mellon@fugue.com>
CC: "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NjlaM6gkQlo4Dujn-4UL7geHcgo>

We (as well as other vendors) have certainly done testing on this. We have some products with hardware accelerators and some without; testing has been performed across a wide range. AES is always an adder when done in software, and in many hardware installations it is still a timing adder (and always a power consumption adder). Less testing was done with ChaCha as that was not as prominent in TLS 1.2.

The fact is that for our and many other vendors' devices the encryption is a non-trivial adder for a number of I/O applications.

Thanks and Best Regards,

--Jack

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Tuesday, August 21, 2018 12:38 PM
To: Ted Lemon <mellon@fugue.com>; Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: ncamwing=40cisco.com@dmarc.ietf.org; tls@ietf.org
Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites



On 21/08/18 17:15, Ted Lemon wrote:
> I asked you if you have any specific devices for which this is an issue.
>  Do you?   How did you determine that it was an issue?   Do you have A/B
> testing results on power consumption and/or performance of a null 
> cipher suite versus encryption?

If doing such comparisons, then it's very well worth noting the significant differences between e.g. h/w accelerated AES, vs s/w AES vs chacha. It'd be hard to evaluate claims about difficulty of implementation/deployment without that.

S.