Hi Hanno,

We have done tests on this and there is a difference. For some industries (industrial automation) throughput is very sensitive so what might appear as a small difference can actually be quite significant. On that same note, yes you are absolutely correct that the asymmetric handshake is far more computationally expensive. However, this generally happens at the start of a connection where timing is less sensitive. Once the application I/O is actually being sent/received is when the performance really becomes sensitive.

Point taken that the ciphersuites could be used within an application where it isn't appropriate, however this would have to be weighed against the benefit of industries adopting TLS 1.3 and securing the many IoT applications that desire this. This probably goes without saying but of course the best line of defense is to properly design, build, and configure the implementation. I recognize that doesn't completely obviate your point but it does seem relevant.

Thanks,
--Jack

-----Original Message-----
From: TLS <tls-boun...@ietf.org> On Behalf Of Hanno Böck
Sent: Tuesday, February 26, 2019 4:04 PM
To: tls@ietf.org
Subject: EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC

[Use caution with links & attachments]

I think I have raised my concerns before, but I have serious doubts there's real need for such ciphersuites.

The reasoning seems to be that performance constrained devices are unable to do "normal" TLS. I don't have benchmarks, but it's my experience that people vastly overestimate the costs of symmetric encryption operations (by far the largest computational cost of TLS is the asymmetric handshake). I wonder if the people who believe they need an authentication only ciphersuite ever ran tests.

I also see a non-negligible risk in standardizing such ciphersuites. Some implementations will end up adding them and coupled with implementation flaws we may end up in a situation where inadvertently insecure ciphersuites are chosen.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls