Re: [TLS] Authentication Only Ciphersuites RFC
John Mattsson <john.mattsson@ericsson.com> Thu, 28 February 2019 15:56 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 28 Feb 2019 15:56:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yMO_04kltfDRqocow-oa0z8u4g4>

Hi,

I dislike having a document (even an internet-draft with non-recommended cipher suites) that kind of implies that confidentiality needs to be disabled for low latency. Especially as the suggested cipher suites would increase latency in a lot of cases. Anybody googling (or DuckDuckGoing) “TLS” and “low latency” is now likely to find this document…

Irrespectively of what happens with this document, I suggest either:

* Removing any claims about low latency.
* Describe exactly which cases the suggested cipher suites provide significantly lower latency.

(The numbers I posted yesterday for aes128gcmv1 were accidentally taken from Cortex-A57, the correct numbers for Cortex-A5 are [186.11, 193.94, 203.11], but that is still likely a little bit faster than HMAC-SHA-256).

Cheers,
John

From: John Mattsson <john.mattsson@ericsson.com>
Date: Wednesday, 27 February 2019 at 13:23
To: Tony Putman <Tony.Putman@dyson.com>, Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC

Hi,

The document repeats the requirement of low latency several times. It would be interesting to know which platforms/networks/deployments you have in mind. My understanding is that HMAC-SHA-256 only has better latency than AES on a little bit longer messages where the larger block size matters. Short messages are common in many IoT deployments.

Looking e.g. at the benchmarks at https://bench.cr.yp.to for "armeabi; Cortex-A5 (417fc051)" on 64 byte messages, SHA-256 alone requires significantly more cycles than AES-GCM for 64 byte messages.

    Cycles/byte for 64 bytes          86.14  86.73  93.59  sha256
    Cycles/byte for 64+0 encrypt      24.20  24.20  24.34  aes128gcmv1

On more constrained processors such as the Cortex-M0, AES128-CCM also seems to have lower latency than HMAC-SHA-256 on short messages (37677 cycles vs. 48924 cycles) https://github.com/ctz/cifra.

On longer messages, HMAC-SHA-256 likely has lower latency (https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf). Note that this pdf shows timing for SHA-256, not HMAC-SHA-256.

Increasing the tag size from 8 bytes (CCM_8) or 16 (GCM) to 32 or 64 may also increase the latency as these additional bytes have to be transmitted.

/John

From: TLS <tls-bounces@ietf.org> on behalf of Tony Putman <Tony.Putman@dyson.com>
Date: Wednesday, 27 February 2019 at 11:17
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC

I take no position on whether this is a good idea or not. Regarding the draft itself, I was expecting to see a clear definition of the integrity check computation in terms of an AEAD-Encrypt computation. Something along the lines of:

    AEAD-Encrypt-HMAC(write_key, nonce, additional_data, plaintext) =
        plaintext || HMAC(write_key, nonce || additional_data || plaintext)

In particular, AIUI, nonce must be included to prevent replay attacks. Also include N_MIN = N_MAX = 8 bytes.

-- Tony

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Jack Visoky
Sent: 26 February 2019 20:54
To: tls@ietf.org
Subject: [External Mail] [TLS] Authentication Only Ciphersuites RFC

TLS Colleagues,

If you recall we discussed a draft for authentication only ciphersuites over email back in August of 2018. We've since made some updates to that draft. We also have gotten IANA assignments to the authentication only ciphersuites for TLS 1.3 and have updated the draft to reflect the new assignments.

To that extent, as the IoT community is looking to adopt these ciphersuites, we would like to solicit review of the draft: https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02 and request that it be published as an informational draft given that the IoT forums are looking to adopt its use and the draft can serve as the guide for use and interoperability.

Thanks and Best Regards,

--Jack (and Nancy)
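
Added example (not code from the thread or from the draft): the integrity-only construction written out in Tony Putman's message, in Python with HMAC-SHA-256. It assumes the 8-byte nonce is the record sequence number and uses constructed key and additional-data values; it shows that a record replayed under a different nonce fails verification while the payload stays readable on the wire.

```python
import hashlib
import hmac

NONCE_LEN = 8                            # N_MIN = N_MAX = 8 bytes, per the message
TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA-256 tag


def seal(write_key: bytes, nonce: bytes, additional_data: bytes, plaintext: bytes) -> bytes:
    """Return plaintext || HMAC(write_key, nonce || additional_data || plaintext)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly 8 bytes")
    tag = hmac.new(write_key, nonce + additional_data + plaintext, hashlib.sha256).digest()
    return plaintext + tag


def open_(write_key: bytes, nonce: bytes, additional_data: bytes, record: bytes) -> bytes:
    """Verify the trailing tag in constant time; raise ValueError on mismatch."""
    if len(nonce) != NONCE_LEN or len(record) < TAG_LEN:
        raise ValueError("malformed record")
    plaintext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(write_key, nonce + additional_data + plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return plaintext


def seq_nonce(seq: int) -> bytes:
    """Assumption for this example: the nonce is the 64-bit record sequence number."""
    return seq.to_bytes(NONCE_LEN, "big")


def replay_is_rejected() -> bool:
    key = bytes(range(32))       # constructed sample key
    ad = b"\x17\x03\x03"         # constructed sample additional data
    record = seal(key, seq_nonce(0), ad, b"valve=open")
    assert open_(key, seq_nonce(0), ad, record) == b"valve=open"
    try:
        open_(key, seq_nonce(1), ad, record)   # same bytes presented as record 1
    except ValueError:
        return True
    return False


def payload_visible_on_wire() -> bool:
    # No confidentiality: the protected record begins with the plaintext itself.
    record = seal(bytes(32), seq_nonce(0), b"", b"valve=open")
    return record.startswith(b"valve=open")
```

The 32-byte tag appended to every record is the transmission overhead John Mattsson's message compares with the 8-byte (CCM_8) and 16-byte (GCM) tags.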