[TLS] I-D Action: draft-ietf-tls-md5-sha1-deprecate-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF. Title : Deprecating MD5 and SHA-1 signature hashes in TLS 1.2 Authors : Loganaden Velvindron

[TLS] Use-case for non-AEAD ciphers in network monitoring

Hey folks, we came across a novel use-case that highlights the need for non-AEAD ciphers in TLS and would like to start a discussion on that. Our use-case is passive TLS decryption on network monitors (NMs). Non-AEAD ciphers would allow to selectively forward the TLS write keys from clients to

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Without commenting on the use-case itself, I am concerned that people will not appreciate "drop AEAD and its assurance of authenticity" would now also mean "can be passively monitored." I will point out that anyone can publish write a draft and request numbers to be assigned (e.g., look for

Re: [TLS] [EXTERNAL] Re: Use-case for non-AEAD ciphers in network monitoring

This NIST workshop is investigating the exact problem discussed on this thread. Several types of solutions have been proposed there. Cheers, Andrei From: TLS On Behalf Of Darin Pettis

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

…use case* Thanks in advance, Darin Pettis On Mon, May 17, 2021 at 3:33 PM Darin Pettis wrote: > Thanks to Eric and Rich for your technical responses and cautionary > statements. > > I do see that Florian’s use-case below points to the continued need for > enterprise inspection as once the

[TLS] tls - New Meeting Session Request for IETF 111

A new meeting session request has just been submitted by Christopher A. Wood, a Chair of the tls working group. - Working Group Name: Transport Layer Security Area Name: Security Area Session Requester: Christopher Wood Number of

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Hi Florian, This suggestion comes up occasionally, and as Rich Salz says, you could just register your own cipher suite. With that said, I would make three comments: 1. I think it's a bit of a category error to talk about AEAD versus non-AEAD in this context. AEAD is just an interface, so it's

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Thanks to Eric and Rich for your technical responses and cautionary statements. I do see that Florian’s use-case below points to the continued need for enterprise inspection as once the data lands inside the data center they become the custodians of it and are responsible for the security and

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Hiya, On 17/05/2021 21:33, Darin Pettis wrote: TLS 1.3 did a great job regarding safety of data on the Internet. For the next version, let’s focus on how to best meet this used case I think we had this discussion a few years ago. There is no sensible boundary at which TLS can apply different

Re: [TLS] Use-case for non-AEAD ciphers in network monitoring

Hi Stephen, Thanks for the quick reply as I know it is getting late in Ireland. I’m sure you do remember the conversation as you spent a lot of time at the microphone around it. :-) It is certainly not an easy question to answer but this group comprises the smartest people that I know!! Surely

Re: [TLS] Constant-time Algorithms

Also, is it necessary for a TLS client to care about implementing algorithms in constant time, or is this only of concern to servers? Thanks, Mike On 5/14/21 14:56, Michael D'Errico wrote: Hi, Is there a list somewhere stating which parts of TLS require constant-time algorithms? Mike

[TLS] TLS@IETF111: Agenda Topics

The TLS WG will meet at IETF 111. The chairs have requested a 2 hour slot [0] and would like to solicit input from the WG for agenda topics. Please send your agenda topics request and an estimate for how much time you will need to tls-cha...@ietf.org. Please note that we will prioritize