I think I have raised my concerns before, but I have serious doubts
there's a real need for such ciphersuites.

The reasoning seems to be that performance-constrained devices are
unable to do "normal" TLS. I don't have benchmarks, but it's my
experience that people vastly overestimate the costs of symmetric
encryption operations (by far the largest computational cost of TLS is
the asymmetric handshake). I wonder if the people who believe they need
an authentication-only ciphersuite ever ran tests.

I also see a non-negligible risk in standardizing such ciphersuites.
Some implementations will end up adding them and coupled with
implementation flaws we may end up in a situation where inadvertently
insecure ciphersuites are chosen.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
