Re: [TLS] EXTERNAL: Re: integrity only ciphersuites

Jack Visoky <jmvisoky@ra.rockwell.com> Tue, 21 August 2018 17:34 UTC

From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Fries, Steffen" <steffen.fries@siemens.com>
CC: "ncamwing=40cisco.com@dmarc.ietf.org" <ncamwing=40cisco.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: EXTERNAL: Re: [TLS] integrity only ciphersuites
Date: Tue, 21 Aug 2018 17:34:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZqA-GYXllQTqdensG6hcb9sanTY>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi Rich,

I’m not sure if I’m following the question, but what was meant was that these ciphers are generally NOT used for browser access.  Machine to machine communication usually does not involve a browser.  Apologies if I’ve misunderstood the question.

Thanks and Best Regards,

--Jack

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Salz, Rich
Sent: Tuesday, August 21, 2018 1:12 PM
To: Fries, Steffen <steffen.fries@siemens.com>
Cc: ncamwing=40cisco.com@dmarc.ietf.org; tls@ietf.org
Subject: EXTERNAL: Re: [TLS] integrity only ciphersuites


Now I think I am as confused as Stephen and others.

One justification was “small footprint.”  But now you’re saying that for debugging encryption (standard?) ciphers are used for browser access?