Re: [TLS] null auth ciphers for TLS 1.3?
Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Wed, 22 August 2018 08:40 UTC
Return-Path: <wang.haiguang.shieldlab@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 981C7130EBB for <tls@ietfa.amsl.com>; Wed, 22 Aug 2018 01:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NmXSxYdK22EZ for <tls@ietfa.amsl.com>; Wed, 22 Aug 2018 01:40:23 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F230130E09 for <tls@ietf.org>; Wed, 22 Aug 2018 01:40:23 -0700 (PDT)
Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 23720174F3EC9; Wed, 22 Aug 2018 09:40:17 +0100 (IST)
Received: from SINEML705-CAH.china.huawei.com (10.223.161.55) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.399.0; Wed, 22 Aug 2018 09:40:18 +0100
Received: from SINEML521-MBX.china.huawei.com ([169.254.1.52]) by SINEML705-CAH.china.huawei.com ([10.223.161.55]) with mapi id 14.03.0399.000; Wed, 22 Aug 2018 16:40:14 +0800
From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] null auth ciphers for TLS 1.3?
Thread-Index: AQHUOX2fzC3N3Ph/eEOQyNJiIP7/k6TKfWWAgADyBgA=
Date: Wed, 22 Aug 2018 08:40:13 +0000
Message-ID: <0AE05CBFB1A6A0468C8581DAE58A31309E0E98A7@SINEML521-MBX.china.huawei.com>
References: <E29465D4-E4C5-466F-9E3F-240E258DC7C2@cisco.com> <64d23891-2f32-9bb8-1ec8-f4fad13cdfb9@cs.tcd.ie> <982363FD-A839-4175-BA53-7CA242F9ADA6@ll.mit.edu> <2D7F2926-6376-4B2C-BDE9-7A6F1C0FA748@gmail.com> <5B7C1571020000AC0015C330@gwia2.rz.hs-offenburg.de> <E6C9F0E527F94F4692731382340B337804AEFA24@DENBGAT9EH2MSX.ww902.siemens.net> <A51CF46A-8C5F-4013-A4CE-EB90A9EE94CA@akamai.com> <E6C9F0E527F94F4692731382340B337804AEFB10@DENBGAT9EH2MSX.ww902.siemens.net> <D5FF0E0E-F9C3-4843-AB77-19F45E3C00D5@akamai.com> <8A2746A8-6B41-45C3-9D77-6AF3536C6E2D@siemens.com> <DM5PR2201MB1433B9D7F9AA3B7B688CD33C99310@DM5PR2201MB1433.namprd22.prod.outlook.com> <CAPt1N1mm9FzGknCUTOVZH_S=AsjutXS8qM7Ksa8xWwsSKKAgAg@mail.gmail.com> <EC6705A4-A6CB-45B4-B006-FC0AE42FA6DD@dukhovni.org> <CABcZeBO8tBN4a4SZirxbwNdRyep705dNgGZiuKydg=xu1JT_uQ@mail.gmail.com>, <3321850E-D95E-457C-A574-2A1A3F7AC06C@dukhovni.org>, <1534902946308.39422@cs.auckland.ac.nz>
In-Reply-To: <1534902946308.39422@cs.auckland.ac.nz>
Accept-Language: en-SG, en-US
Content-Language: en-SG
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.165.94]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rTXWrbZf4CYnxFEHZFyxvn8Jyqk>
Subject: Re: [TLS] null auth ciphers for TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Aug 2018 08:40:26 -0000
Hi, all. Regarding the raw public, I would like to contribute a few words for you to think about it. Raw public key is useful for IoT networks due to the constraint of bandwidth and processing capability of devices. A normal certificate takes about a few hundred bytes while an raw public key can be less than one hundred bytes. The raw public with TLS can be used together with EAP framework to perform mutual authentication between device and server, i.e. raw public key with EAP-TLS. It not only saves transmission bandwidth, but also simplify the implementation at device side. Currently we are collaborate with some leading telecom operator on a solution of using raw public key with EAP-TLS. However, with the normal raw public, the server side need to maintain a table that maps the public key and identity at server side, which can be huge. To solve this issue, we are investigating of using identity-based cryptography (i.e. ECCSI in RFC 6507) to eliminate the huge mapping table. So far it looks good. Authentication for IoT could be another huge usage scenarios for TLS, it is expected to have more than 50 billion iot devices deployed in the next 10 years. It is good opportunity to extend the usage of TLS. Currently, 3GPP has already enable the support for using EAP-TLS in the 5G neworks. Please find the most recent 5G security specification http://www.3gpp.org/ftp/Specs/archive/33_series/33.501/. It has been specified in the Annex B. We hope the scope of raw public key with TLS can be extended in the future. Regards. Haiguang Wang ________________________________________ From: TLS [tls-bounces@ietf.org] on behalf of Peter Gutmann [pgut001@cs.auckland.ac.nz] Sent: Wednesday, 22 August, 2018 9:55:47 AM To: <tls@ietf.org> Subject: Re: [TLS] null auth ciphers for TLS 1.3? Viktor Dukhovni <ietf-dane@dukhovni.org> writes: >I've not yet seen raw public key support in any mainstream TLS libraries, >though admittedly my focus is primarily on OpenSSL. Do any of NSS, GnuTLS, >BoringSSL, LibreSSL, ... support raw public keys? I've never seen it either. My code does actually support them, but not in the way you think, for devices that don't have the ability to deal with certs there's the memcpy()-into-send() certificate implementation I've mentioned before, you memcpy() a pre-encoded cert chain onto the network, and for receiving memcpy() the data in and pick out the SPKI. So in effect it's raw public keys, but to anyone watching it looks like it's certificates. There are other embedded implementations that do this too, it's a pretty obvious optimisation (in other words I'm not trying to claim credit for inventing it). >We'd need to invent some sort of special X.509 object that holds only a >public key, but behaves in some sensible way when used with functions that >expect X.509 certificates. That's exactly what my code does, but with certificates (CONFIG_USE_PSEUDOCERTIFICATES). So there's no need for raw public keys, you just treat certs as raw keys and everything works the way it already does with certificates. Is there any known actual use of raw public keys for TLS? Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Mike Bishop
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Judson Wilson
- Re: [TLS] integrity only ciphersuites Geoffrey Keating
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Lyndon Nerenberg
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Judson Wilson
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Viktor Dukhovni
- Re: [TLS] integrity only ciphersuites Kathleen Moriarty
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] integrity only ciphersuites Andreas Walz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Richard Barnes
- Re: [TLS] integrity only ciphersuites Stephen Farrell
- Re: [TLS] integrity only ciphersuites Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] integrity only ciphersuites Ted Lemon
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Stephen Farrell
- Re: [TLS] integrity only ciphersuites Fries, Steffen
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] integrity only ciphersuites Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] integrity only ciphersuites Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Salz, Rich
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Ted Lemon
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Jack Visoky
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Viktor Dukhovni
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? Viktor Dukhovni
- Re: [TLS] null auth ciphers for TLS 1.3? Eric Rescorla
- Re: [TLS] null auth ciphers for TLS 1.3? David Benjamin
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] integrity only ciphersuites Martin Thomson
- Re: [TLS] null auth ciphers for TLS 1.3? Peter Gutmann
- Re: [TLS] integrity only ciphersuites Peter Gutmann
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Peter Gutmann
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni
- Re: [TLS] raw public keys in the wild? Peter Gutmann
- Re: [TLS] null auth ciphers for TLS 1.3? Wang Haiguang
- Re: [TLS] null auth ciphers for TLS 1.3? Bill Frantz
- Re: [TLS] EXTERNAL: Re: integrity only ciphersuit… Nancy Cam-Winget (ncamwing)
- Re: [TLS] integrity only ciphersuites Nancy Cam-Winget (ncamwing)
- Re: [TLS] raw public keys in the wild? Richard Barnes
- Re: [TLS] raw public keys in the wild? Viktor Dukhovni