Hi David,

Thanks for sharing this, although the strong preference is to use standard TLS for securing the communications.

Thanks,
--Jack

-----Original Message-----
From: TLS <tls-boun...@ietf.org> On Behalf Of David Wong
Sent: Tuesday, February 26, 2019 5:54 PM
To: Hanno Böck <ha...@hboeck.de>
Cc: <tls@ietf.org> <tls@ietf.org>
Subject: EXTERNAL: Re: [TLS] Authentication Only Ciphersuites RFC [Use caution with links & attachments]

Shameless plug, but have you looked at constructions like Disco (https://eprint.iacr.org/2019/180) that target specifically this issue?

David

On Tue, Feb 26, 2019 at 10:04 PM Hanno Böck <ha...@hboeck.de> wrote:
>
> I think I have raised my concerns before, but I have serious doubts
> there's real need for such ciphersuites.
>
> The reasoning seems to be that performance constrained devices are
> unable to do "normal" TLS. I don't have benchmarks, but it's my
> experience that people vastly overestimate the costs of symmetric
> encryption operations (by far the largest computational cost of TLS is
> the asymmetric handshake). I wonder if the people who believe they
> need an authentication only ciphersuite ever ran tests.
>
> I also see a non-negligible risk in standardizing such ciphersuites.
> Some implementations will end up adding them and coupled with
> implementation flaws we may end up in a situation where inadvertently
> insecure ciphersuites are chosen.
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: ha...@hboeck.de
> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls