Hi all,

while reviewing the current TLS 1.3 draft I saw that already in version -02 the support for integrity-only cipher suites has been removed in favor of AEAD cipher suites. Was there a specific reason to only support the encrypted cipher suites?
The reason I'm asking is that in industrial communication it is often sufficient to have source authentication and message integrity while probes on the network are still able to monitor the traffic for certain properties or verify allowed exchanges. An example is ICCP for inter control center communication. The two control centers are connected via an IPSec tunnel terminated in the DMZ. The desire is to have the TLS tunnel end-to-end to allow for source authentication and also for message integrity, while doing traffic inspection in the DMZ. There exist other scenarios with a similar requirement.

If I interpret the TLS 1.3 draft right, these scenarios will not be possible in the future without a trusted intermediate host terminating the TLS link to both peers. Hence the question whether the decision to use encryption only is only bound to the base specification of TLS 1.3 and additional cipher suites (allowing integrity only) can be defined later on.

Best regards
Steffen

-- 
Steffen Fries
Siemens AG
Corporate Technology
CT RDA ITS
Otto-Hahn-Ring 6
81739 Muenchen, Germany
Tel.: +49 89 636-633604
Fax: +49 89 636-48000
mailto:steffen.fr...@siemens.com
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
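The contrast the post draws, as an added example that is not part of the original message or of any IETF draft: an AEAD-protected record (AES-GCM, as in TLS 1.3) shows a keyless DMZ probe nothing but ciphertext, while a modelled integrity-only record (plaintext followed by an HMAC) lets the probe classify the exchange yet still lets only the endpoints verify it. The application message and its verb allow-list are constructed stand-ins, not ICCP's real grammar, and the keys are fixed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// sealAEAD protects a record the TLS 1.3 way (AES-GCM, header as AAD): a passive probe sees only ciphertext and tag.
func sealAEAD(key, nonce, header, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // demo key is a valid AES-128 key by construction; real code checks the error
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(nil, nonce, plaintext, header)
}

// sealIntegrityOnly models the suite class asked about: plaintext || HMAC-SHA256(seq || plaintext), payload left readable.
func sealIntegrityOnly(macKey []byte, seq uint64, plaintext []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	binary.Write(mac, binary.BigEndian, seq) // sequence number binds the tag to its position in the stream
	mac.Write(plaintext)
	return mac.Sum(append([]byte{}, plaintext...))
}

// verifyIntegrityOnly is the endpoint check; only a holder of macKey can run it.
func verifyIntegrityOnly(macKey []byte, seq uint64, record []byte) ([]byte, bool) {
	if len(record) < sha256.Size {
		return nil, false
	}
	body := record[:len(record)-sha256.Size]
	return body, hmac.Equal(record, sealIntegrityOnly(macKey, seq, body))
}

// probeVerb is all a keyless DMZ probe can do: classify the exchange by its leading verb.
// The allow-list is a constructed assumption for the demo; it returns "" when no allowed verb is visible.
func probeVerb(record []byte) string {
	for _, v := range []string{"READ", "REPORT"} {
		if bytes.HasPrefix(record, []byte(v+" ")) {
			return v
		}
	}
	return ""
}

func main() {
	key, nonce, msg := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 12), []byte("READ point=42") // constructed
	fmt.Printf("probe sees %q under AEAD, %q under integrity-only\n", probeVerb(sealAEAD(key, nonce, []byte{0x17, 3, 3}, msg)), probeVerb(sealIntegrityOnly(key, 1, msg)))
}
```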