CCM_8 is used in the IoT space because some SDOs believed that they need
to optimize the transmission overhead. Clearly, this is not meant for
general-purpose use but rather for IoT only.

Is it a good idea to truncate the authentication tag? I don't have an
opinion about that but that's what the specifications make you use and
that's also what is now in hardware.

On 10/10/2017 01:05 AM, Sean Turner wrote:
> Anybody else have thoughts on this?
> 
> spt
> 
>> On Oct 3, 2017, at 18:53, Sean Turner <s...@sn3rd.com> wrote:
>>
>> In the IANA registries draft 
>> (https://github.com/tlswg/draft-ietf-tls-iana-registry-updates), we’ve added 
>> a recommended column to the Cipher Suites (CSs) registry (and some others).  
>> Right now, the criteria for getting a recommended mark is AEAD ciphers with 
>> strong authentication standards track ciphers.  While that’s great 
>> generally, in the list we’ve got five CSs that gave Joe and me pause:
>>
>> TLS_DHE_RSA_WITH_AES_128_CCM_8
>> TLS_DHE_RSA_WITH_AES_256_CCM_8
>> TLS_PSK_DHE_WITH_AES_128_CCM_8
>> TLS_PSK_DHE_WITH_AES_256_CCM_8
>> TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
>>
>> The CCM_8 CSs have a significantly truncated authentication tag that 
>> represents a security trade-off that may not be appropriate for a general 
>> environment.  In other words, this might be great for some IoT device but we 
>> should not generally be recommending these.
>>
>> We’re recommending that these five suites be dropped from the recommended 
>> list.  Please let us know what you think.
>>
>> J&S
>> (editor hats on)
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
