FWIW I tend to agree with Hanno. Sending this to the ISE is likely better if an RFC is even needed. We already opened up the ciphersuite registration process to allow this kind of thing without the WG having to try (and sometimes fail to) reach rough consensus on things like this.
On 26/02/2019 21:26, Jack Visoky wrote:
> Hi Hanno,
>
> We have done tests on this and there is a difference. For some
> industries (industrial automation) throughput is very sensitive so
> what might appear as a small difference can actually be quite
> significant. On that same note, yes you are absolutely correct that
> the asymmetric handshake is far more computationally expensive.
> However, this generally happens at the start of a connection where
> timing is less sensitive. Once the application I/O is actually
> being sent/received is when the performance really becomes
> sensitive.
>
> Point taken that the ciphersuites could be used within an
> application where it isn't appropriate, however this would have to be
> weighed against the benefit of industries adopting TLS 1.3 and
> securing the many IoT applications that desire this.

That last appears to contradict the text in the draft itself that says that these ciphersuites are for niche use cases. For non-niche cases we really don't want to see use of these ciphersuites.

Cheers,
S.

> This probably goes without saying but of course the best line of
> defense is to properly design, build, and configure the
> implementation. I recognize that doesn't completely obviate your
> point but it does seem relevant.
>
> Thanks,
>
> --Jack
>
> -----Original Message-----
> From: TLS <tls-boun...@ietf.org> On Behalf Of Hanno Böck
> Sent: Tuesday, February 26, 2019 4:04 PM
> To: tls@ietf.org
> Subject: EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC
>
> [Use caution with links & attachments]
>
> I think I have raised my concerns before, but I have serious doubts
> there's real need for such ciphersuites.
>
> The reasoning seems to be that performance constrained devices are
> unable to do "normal" TLS. I don't have benchmarks, but it's my
> experience that people vastly overestimate the costs of symmetric
> encryption operations (by far the largest computational cost of TLS
> is the asymmetric handshake). I wonder if the people who believe
> they need an authentication only ciphersuite ever ran tests.
>
> I also see a non-negligible risk in standardizing such ciphersuites.
> Some implementations will end up adding them and coupled with
> implementation flaws we may end up in a situation where
> inadvertently insecure ciphersuites are chosen.
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: ha...@hboeck.de
> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
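The thread argues about where the CPU cost of TLS actually lands: in the per-record symmetric work (AEAD versus an authentication-only MAC) or in the per-connection asymmetric handshake. The following Go program is an added micro-benchmark written for this page; it is not code from either poster or from the draft. It times AES-128-GCM seal+open (the AEAD of TLS_AES_128_GCM_SHA256) against HMAC-SHA256 tag+verify (what an authentication-only suite does per record), then times a P-256 key generation plus ECDSA sign and verify as a stand-in for one side's handshake work. Record size, iteration counts and the key material are constructed assumptions; the numbers it prints are for the machine it runs on, so run it on the constrained device in question rather than a workstation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Constructed workload (assumptions, not figures from the thread).
const (
	recordSize = 1400 // bytes of application data per record
	records    = 2000 // records per symmetric run
	handshakes = 20   // asymmetric iterations
)

// newAEAD builds AES-128-GCM, the AEAD used by TLS_AES_128_GCM_SHA256.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts and authenticates one record (plaintext + 16-byte tag).
func sealRecord(aead cipher.AEAD, nonce, plaintext []byte) []byte {
	return aead.Seal(nil, nonce, plaintext, nil)
}

// openRecord verifies and decrypts one record; tampering yields an error.
func openRecord(aead cipher.AEAD, nonce, ciphertext []byte) ([]byte, error) {
	return aead.Open(nil, nonce, ciphertext, nil)
}

// authOnlyTag is the per-record work of an authentication-only suite:
// an HMAC-SHA256 tag over the cleartext record, no encryption at all.
func authOnlyTag(key, record []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(record)
	return m.Sum(nil)
}

// verifyAuthOnly checks a tag in constant time.
func verifyAuthOnly(key, record, tag []byte) bool {
	return hmac.Equal(tag, authOnlyTag(key, record))
}

// SymResult holds per-record costs for both record-protection styles.
type SymResult struct {
	AEADPerRecord time.Duration // seal + open
	HMACPerRecord time.Duration // tag + verify
	AEADBytes     int           // ciphertext size, shows the 16-byte tag overhead
}

// benchSymmetric times n records of size bytes under both styles.
func benchSymmetric(n, size int) (SymResult, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return SymResult{}, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return SymResult{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	record := make([]byte, size)
	var res SymResult

	start := time.Now()
	for i := 0; i < n; i++ {
		binary.BigEndian.PutUint64(nonce[4:], uint64(i)) // unique nonce per record, like a TLS sequence number
		ct := sealRecord(aead, nonce, record)
		if _, err := openRecord(aead, nonce, ct); err != nil {
			return SymResult{}, err
		}
		res.AEADBytes = len(ct)
	}
	res.AEADPerRecord = time.Since(start) / time.Duration(n)

	start = time.Now()
	for i := 0; i < n; i++ {
		if !verifyAuthOnly(key, record, authOnlyTag(key, record)) {
			return SymResult{}, errors.New("hmac verify failed")
		}
	}
	res.HMACPerRecord = time.Since(start) / time.Duration(n)
	return res, nil
}

// benchHandshake approximates one side's asymmetric work per TLS 1.3 handshake:
// a fresh P-256 keypair (one scalar multiplication, same cost class as an ECDHE
// share) plus an ECDSA signature and its verification over a constructed hash.
func benchHandshake(n int) (time.Duration, error) {
	msg := sha256.Sum256([]byte("constructed transcript hash"))
	start := time.Now()
	for i := 0; i < n; i++ {
		priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return 0, err
		}
		sig, err := ecdsa.SignASN1(rand.Reader, priv, msg[:])
		if err != nil {
			return 0, err
		}
		if !ecdsa.VerifyASN1(&priv.PublicKey, msg[:], sig) {
			return 0, errors.New("signature did not verify")
		}
	}
	return time.Since(start) / time.Duration(n), nil
}

func main() {
	sym, err := benchSymmetric(records, recordSize)
	if err != nil {
		panic(err)
	}
	hs, err := benchHandshake(handshakes)
	if err != nil {
		panic(err)
	}
	fmt.Printf("AES-128-GCM : %v per %d-byte record (%d bytes on the wire)\n", sym.AEADPerRecord, recordSize, sym.AEADBytes)
	fmt.Printf("HMAC-SHA256 : %v per %d-byte record (auth only)\n", sym.HMACPerRecord, recordSize)
	fmt.Printf("P-256 keygen+sign+verify: %v per handshake, i.e. about %.0f AEAD records\n",
		hs, float64(hs)/float64(sym.AEADPerRecord))
}
```

The last line of output is the figure the thread is really arguing about: how many application records of AEAD work one handshake is worth on a given CPU. A platform with AES and SHA hardware will shrink both symmetric numbers together, so the comparison that matters for the draft's argument is the AEAD-versus-HMAC gap measured on the target hardware, not the absolute values from a desktop.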