[TLS] integrity only ciphersuites

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Mon, 20 August 2018 20:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/z-PqcayE5ALvV4bMMGK7NrdTixc>

All,
A couple of IoT consortiums are trying to embrace the improvements made to TLS 1.3 and, as they define their new security constructs, would like to adopt the latest protocols, in this case TLS 1.3. To that extent, they have a strong need for mutual authentication, but integrity only (no confidentiality) requirements.

In following the new IANA rules, we have posted the draft https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-00 to document the request for registrations of HMAC-based cipher selections with TLS 1.3, and are soliciting feedback from the WG on the draft and its path forward.

Warm regards, Nancy (and Jack)