Re: [TLS] Authentication Only Ciphersuites RFC

John Mattsson <john.mattsson@ericsson.com> Thu, 28 February 2019 15:56 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Jack Visoky <jmvisoky@ra.rockwell.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 28 Feb 2019 15:56:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yMO_04kltfDRqocow-oa0z8u4g4>

Hi,

I dislike having a document (even an internet-draft with non-recommended cipher suites) that kind of implies that confidentiality needs to be disabled for low latency. Especially as the suggested cipher suites would increase latency in a lot of cases. Anybody googling (or DuckDuckGoing) “TLS” and “low latency” is now likely to find this document…

Irrespective of what happens with this document, I suggest either:


  *   Removing any claims about low latency.
  *   Describing exactly in which cases the suggested cipher suites provide significantly lower latency.

(The numbers I posted yesterday for aes128gcmv1 were accidentally taken from Cortex-A57, the correct numbers for Cortex-A5 are [186.11, 193.94, 203.11], but that is still likely a little bit faster than HMAC-SHA-256).

Cheers,
John

From: John Mattsson <john.mattsson@ericsson.com>
Date: Wednesday, 27 February 2019 at 13:23
To: Tony Putman <Tony.Putman@dyson.com>, Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC

Hi,

The document repeats the requirement of low latency several times. It would be interesting to know which platforms/networks/deployments you have in mind. My understanding is that HMAC-SHA-256 only has better latency than AES on a little bit longer messages where the larger block size matters. Short messages are common in many IoT deployments. Looking e.g. at the benchmarks at https://bench.cr.yp.to for "armeabi; Cortex-A5 (417fc051)" on 64 byte messages, SHA-256 alone requires significantly more cycles than AES-GCM for 64 byte messages.

Cycles/byte for 64 bytes
86.14     86.73     93.59     sha256

Cycles/byte for 64+0 encrypt
24.20     24.20     24.34     aes128gcmv1

On more constrained processors such as the Cortex-M0, AES128-CCM also seems to have lower latency than HMAC-SHA-256 on short messages (37677 cycles vs. 48924 cycles) https://github.com/ctz/cifra. On longer messages, HMAC-SHA-256 likely has lower latency (https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf). Note that this pdf shows timing for SHA-256, not HMAC-SHA-256.

Increasing the tag size from 8 bytes (CCM_8) or 16 (GCM) to 32 or 64 may also increase the latency as these additional bytes have to be transmitted.

/John

From: TLS <tls-bounces@ietf.org> on behalf of Tony Putman <Tony.Putman@dyson.com>
Date: Wednesday, 27 February 2019 at 11:17
To: Jack Visoky <jmvisoky@ra.rockwell.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Authentication Only Ciphersuites RFC

I take no position on whether this is a good idea or not. Regarding the draft itself, I was expecting to see a clear definition of the integrity check computation in terms of an AEAD-Encrypt computation. Something along the lines of:
  AEAD-Encrypt-HMAC(write_key, nonce, additional_data, plaintext) =
    plaintext || HMAC(write_key, nonce || additional_data || plaintext)

In particular, AIUI, nonce must be included to prevent replay attacks. Also include N_MIN = N_MAX = 8 bytes.

-- Tony
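
The construction sketched in the message above, as an added example that is not part of the thread or of the draft: it implements `plaintext || HMAC(write_key, nonce || additional_data || plaintext)` with HMAC-SHA-256 and shows why the nonce has to be inside the MAC input for a replayed record to be rejected. `Receiver`, `bind_nonce` and `replay_demo` are hypothetical names, the key and record header are constructed sample values, and using the record sequence number directly as the 8-byte nonce is an assumption made for illustration.

```python
import hashlib
import hmac

NONCE_LEN = 8   # N_MIN = N_MAX = 8 bytes, as suggested in the message
TAG_LEN = 32    # HMAC-SHA-256 output length

def aead_encrypt_hmac(write_key, nonce, additional_data, plaintext, bind_nonce=True):
    """Return plaintext || HMAC(write_key, nonce || additional_data || plaintext)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly 8 bytes")
    # bind_nonce=False (hypothetical switch) drops the nonce to show the replay gap.
    prefix = nonce if bind_nonce else b""
    mac_input = prefix + additional_data + plaintext
    return plaintext + hmac.new(write_key, mac_input, hashlib.sha256).digest()

def aead_decrypt_hmac(write_key, nonce, additional_data, record, bind_nonce=True):
    """Return the plaintext, or None if the record is short or the tag is wrong."""
    if len(record) < TAG_LEN:
        return None
    plaintext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = aead_encrypt_hmac(write_key, nonce, additional_data,
                                 plaintext, bind_nonce)[-TAG_LEN:]
    # Constant-time comparison so tag checking does not leak a timing signal.
    return plaintext if hmac.compare_digest(tag, expected) else None

class Receiver:
    """Tracks the implicit record sequence number and uses it as the nonce."""
    def __init__(self, write_key, bind_nonce=True):
        self.key, self.seq, self.bind_nonce = write_key, 0, bind_nonce

    def receive(self, additional_data, record):
        nonce = self.seq.to_bytes(NONCE_LEN, "big")
        pt = aead_decrypt_hmac(self.key, nonce, additional_data, record, self.bind_nonce)
        if pt is not None:
            self.seq += 1   # advance only after an authenticated record
        return pt

def replay_demo(bind_nonce):
    """Deliver the same record twice; return (first_result, second_result)."""
    key = bytes(range(32))            # constructed sample key
    aad = b"\x17\x03\x03\x00\x28"     # constructed 5-byte header, length 8 + 32
    nonce0 = (0).to_bytes(NONCE_LEN, "big")
    record = aead_encrypt_hmac(key, nonce0, aad, b"OPEN_VLV", bind_nonce)
    rx = Receiver(key, bind_nonce)
    return rx.receive(aad, record), rx.receive(aad, record)
```

With the nonce bound into the MAC, the second delivery is checked against sequence number 1 and fails; with the nonce left out, the identical record verifies every time it is delivered.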

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Jack Visoky
Sent: 26 February 2019 20:54
To: tls@ietf.org
Subject: [External Mail] [TLS] Authentication Only Ciphersuites RFC


TLS Colleagues,

If you recall we discussed a draft for authentication only ciphersuites over email back in August of 2018.  We've since made some updates to that draft.  We also have gotten IANA assignments to the authentication only ciphersuites for TLS 1.3 and have updated the draft to reflect the new assignments.

To that extent, as the IoT community is looking to adopt these ciphersuites, we would like to solicit review of the draft:



    https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02



and request that it be published as informational draft given that the IoT forums are looking to adopt its use and the draft can serve as the guide for use and interoperability.

Thanks and Best Regards,

--Jack (and Nancy)


