> On Aug 20, 2018, at 4:57 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
> With that said, I don't think this document makes a very strong case for
> these cipher suites. Essentially you say:
>
> 1. We don't need confidentiality
> 2. Code footprint is important

There is also a use-case for communication between processes on the same
machine, e.g. over unix-domain sockets and the like. Encryption in this
context is pointless. TLS can be used with client certificates as a means
of client authentication.

Postfix supports eNULL ciphers for unix-domain socket LMTP communication.
This works with TLS <= 1.2, but would require enabling unnecessary
encryption with TLS 1.3.

    http://www.postfix.org/TLS_README.html#client_tls_levels

    NOTE: Opportunistic encryption of LMTP traffic over UNIX-domain
    sockets or loopback TCP connections is futile. TLS is only useful
    in this context when it is mandatory, typically to allow at least
    one of the server or the client to authenticate the other. The
    "null" cipher grade may be appropriate in this context, when
    available on both client and server. The "null" ciphers provide
    authentication without encryption.

--
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls