Hello Harlan, thank you for the information. I will go back to the discussion and read it to get a better understanding of the reasoning. I had a peek into 3 or 4 emails and they were centered around the deprecation of RSA encrypted key exchange. This is different from what I had in mind. You mentioned null-cipher, which would be the choice I would see. Yes, maybe it is too late to bring this issue into the discussion. Nevertheless, as there is a need for network monitoring, it would be easier to have the monitoring on an integrity protected connection, while the traffic is additionally encrypted when crossing public networks. This is the intended approach for the scenario I described for Inter Control Center communication. This would allow for non-intrusive monitoring instead of a distinct termination point, which breaks end-to-end integrity (if not provided on higher layers) and also influences the end-to-end performance. I see that integrity only is a problem for certain other scenarios, but having the flexibility in the protocol would allow making a decision about the preferred cipher suites for a specific use case based on a security policy.
Best regards
Steffen

-----Original Message-----
From: Harlan Lieberman-Berg [mailto:hlieber...@setec.io]
Sent: Tuesday, 4 April 2017 07:10
To: Fries, Steffen (CT RDA ITS); TLS WG
Subject: Re: [TLS] Support of integrity only cipher suites in TLS 1.3

"Fries, Steffen" <steffen.fr...@siemens.com> writes:
> The reason I'm asking is that in industrial communication it is often
> sufficient to have source authentication and message integrity while
> probes on the network are still able to monitor the traffic for
> certain properties or verify allowed exchanges.

Hello Steffen,

We've had a couple of discussions about this on the mailing list before. (See especially the "Industry Concerns about TLS 1.3" email thread starting with dm5pr11mb1419b782d2bef0e0a35e420df4...@dm5pr11mb1419.namprd11.prod.outlook.com).

At this point, I don't think there's much of an appetite to be adding support for null-encryption cipher suites into TLS 1.3. In a quick summary of the 100+ message thread, the impression I got from the conversation was that the WG feels there's too much foot-gun potential from null cipher suites and that the risk was too high and the concerns brought up too late.

Sincerely,
--
Harlan Lieberman-Berg
~hlieberman

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
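The exchange above turns on one property of integrity-only (null-encryption) cipher suites: the record payload travels in the clear under a MAC, so a passive probe can read it and apply policy without holding any key, while only the endpoints, which hold the MAC key, can tell a genuine record from a tampered or replayed one. The following Python is an added example written for this page; it is not code from either correspondent or from any TLS implementation, and it does not reproduce the TLS 1.3 record format (integrity-only suites were later specified in RFC 9150). The key, the message types and the policy set are constructed for the demonstration.

```python
import hmac
import hashlib
import struct

# Constructed demonstration key. In TLS this would be the traffic MAC key
# derived from the handshake; here it is a fixed placeholder.
KEY = b"constructed-demo-mac-key-not-a-real-secret"
TAG_LEN = 32  # HMAC-SHA256 tag length
HDR_LEN = 8   # 64-bit record sequence number

# Constructed monitoring policy: application message types a probe on the
# control-center link is allowed to see on this connection.
ALLOWED_TYPES = {b"READ", b"STATUS"}


def seal_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side of an integrity-only record: seq || payload || HMAC(seq || payload).
    The payload is left in the clear; only its origin and integrity are protected.
    Covering the sequence number lets the receiver detect replay and reordering."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_record(key: bytes, record: bytes, expected_seq: int):
    """Receiver side. Returns ('ok', payload), ('forged', None) or ('replay', None)."""
    if len(record) < HDR_LEN + TAG_LEN:
        return ("forged", None)
    header, payload, tag = record[:HDR_LEN], record[HDR_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return ("forged", None)
    if struct.unpack(">Q", header)[0] != expected_seq:
        return ("replay", None)
    return ("ok", payload)


def probe_classify(record: bytes):
    """Passive probe WITHOUT the MAC key. It can read the plaintext and apply the
    monitoring policy, but it cannot distinguish a genuine record from a forged one,
    and so can anyone else on the path: this is the confidentiality trade-off.
    Returns (verdict, payload)."""
    if len(record) < HDR_LEN + TAG_LEN:
        return ("malformed", None)
    payload = record[HDR_LEN:-TAG_LEN]
    msg_type = payload.split(b" ", 1)[0]
    verdict = "allowed" if msg_type in ALLOWED_TYPES else "policy-violation"
    return (verdict, payload)


def demo():
    """Run one genuine record, one modified in transit and one replayed through
    both the keyless probe and the keyed receiver."""
    genuine = seal_record(KEY, 1, b"READ 40001")
    # Constructed in-path modification: same length, different command, tag untouched.
    tampered = genuine[:HDR_LEN] + b"STOP 40001" + genuine[-TAG_LEN:]
    return {
        "probe_genuine": probe_classify(genuine),        # ('allowed', b'READ 40001')
        "probe_tampered": probe_classify(tampered),      # ('policy-violation', b'STOP 40001')
        "receiver_genuine": open_record(KEY, genuine, 1),  # ('ok', b'READ 40001')
        "receiver_tampered": open_record(KEY, tampered, 1),  # ('forged', None)
        "receiver_replayed": open_record(KEY, genuine, 2),   # ('replay', None)
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The two verdicts on the tampered record show the division of labour Steffen describes: the probe flags the policy violation from the plaintext alone, while the receiver, not the probe, is what actually rejects the record because the tag no longer verifies. The same keyless read access is what the working group's "foot-gun" concern refers to: nothing in the record stops any other on-path observer from reading the payload, which is why Steffen pairs the scheme with additional encryption wherever the traffic crosses public networks.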