I take no position on whether this is a good idea or not. Regarding the draft
itself, I was expecting to see a clear definition of the integrity check
computation in terms of an AEAD-Encrypt computation. Something along the lines
of:

    AEAD-Encrypt-HMAC(write_key, nonce, additional_data, plaintext) =
        plaintext || HMAC(write_key, nonce || additional_data || plaintext)

In particular, AIUI, nonce must be included to prevent replay attacks. Also
include N_MIN = N_MAX = 8 bytes.

-- Tony

From: TLS [mailto:[email protected]] On Behalf Of Jack Visoky
Sent: 26 February 2019 20:54
To: [email protected]
Subject: [External Mail] [TLS] Authentication Only Ciphersuites RFC

TLS Colleagues,

If you recall we discussed a draft for authentication only ciphersuites over
email back in August of 2018. We've since made some updates to that draft. We
also have gotten IANA assignments to the authentication only ciphersuites for
TLS 1.3 and have updated the draft to reflect the new assignments.

To that extent, as the IoT community is looking to adopt these ciphersuites, we
would like to solicit review of the draft:
https://tools.ietf.org/html/draft-camwinget-tls-ts13-macciphersuites-02
and request that it be published as an informational draft given that the IoT
forums are looking to adopt its use and the draft can serve as the guide for
use and interoperability.

Thanks and Best Regards,

--Jack (and Nancy)
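
The AEAD-Encrypt-HMAC construction sketched in the reply at the top of this thread, as an added example that is not part of the original messages or of the draft. It shows why a replayed record fails verification once the nonce is in the MAC input, and why it passes when the nonce is left out. HMAC-SHA-256, the TLS 1.3 style nonce (record sequence number XOR write_iv), the 5-byte record header used as additional_data, and all function names and sample values are assumptions of this example.

```python
import hashlib, hmac, struct

NONCE_LEN = 8                           # N_MIN = N_MAX = 8 bytes, as the reply suggests
TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA-256 is an assumption of this example

def record_nonce(write_iv: bytes, seq: int) -> bytes:
    """TLS 1.3 style per-record nonce: 64-bit sequence number XOR write_iv."""
    if len(write_iv) != NONCE_LEN:
        raise ValueError("write_iv must be 8 bytes")
    return bytes(a ^ b for a, b in zip(struct.pack(">Q", seq), write_iv))

def _tag(write_key, nonce, additional_data, plaintext):
    # Plain concatenation is unambiguous only because nonce and
    # additional_data have fixed lengths here (8 and 5 bytes).
    msg = nonce + additional_data + plaintext
    return hmac.new(write_key, msg, hashlib.sha256).digest()

def aead_encrypt_hmac(write_key, nonce, additional_data, plaintext):
    """plaintext || HMAC(write_key, nonce || additional_data || plaintext)"""
    return plaintext + _tag(write_key, nonce, additional_data, plaintext)

def aead_decrypt_hmac(write_key, nonce, additional_data, record):
    """Return the plaintext, or None when the tag does not verify."""
    if len(record) < TAG_LEN:
        return None
    plaintext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    ok = hmac.compare_digest(tag, _tag(write_key, nonce, additional_data, plaintext))
    return plaintext if ok else None

def record_header(body_len: int) -> bytes:
    """additional_data: content type 23, legacy version 0x0303, 16-bit length."""
    return b"\x17\x03\x03" + struct.pack(">H", body_len)

def demo():
    key, iv = bytes(range(32)), bytes(range(100, 108))  # constructed test values
    msgs = [b"valve=open", b"valve=shut"]               # constructed payloads
    wire = []
    for seq, m in enumerate(msgs):                      # sender side
        aad = record_header(len(m) + TAG_LEN)
        wire.append((aad, aead_encrypt_hmac(key, record_nonce(iv, seq), aad, m)))
    # The receiver derives the nonce from its own record counter, never from the wire.
    in_order = [aead_decrypt_hmac(key, record_nonce(iv, s), a, r)
                for s, (a, r) in enumerate(wire)]
    aad0, rec0 = wire[0]
    replayed = aead_decrypt_hmac(key, record_nonce(iv, 2), aad0, rec0)  # record 0 sent again
    # Contrast: the same replay when the nonce is left out of the MAC input.
    bare = aead_encrypt_hmac(key, b"", aad0, msgs[0])
    no_nonce = aead_decrypt_hmac(key, b"", aad0, bare)
    return in_order, replayed, no_nonce
```

`demo()` returns the two records accepted in order, `None` for the replayed record, and the accepted plaintext for the nonce-less variant.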