Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 17 May 2021 20:48 UTC

To: Darin Pettis <dpp.standards@gmail.com>, Eric Rescorla <ekr@rtfm.com>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tv725f-aVSfhmo56BbnjBCAmshQ>

Hiya,

On 17/05/2021 21:33, Darin Pettis wrote:
> TLS 1.3 did a great job regarding safety of data on the Internet. For the
> next version, let’s focus on how to best meet this use case

I think we had this discussion a few years ago. There is
no sensible boundary at which TLS can apply different
cryptographic treatment.

There were also many many other points raised at that
time that I don't think we'll benefit from repeating.

Cheers,
S.