draft-camwinget-tls-ts13-macciphersuites has been presented for
publication as an Informational RFC on the Independent Submission Stream.
The motivation for the document is to allow IoT devices that require
authentication and integrity protection, but which do not require
confidentiality, to minimize the code/state machine stack they
This document was originally introduced to the TLS WG in August 2018
resulting in a good amount of feedback with a clear conclusion that it
should not be adopted by the WG.
The draft was first brought to the ISE at revision -06 and has been
updated considerably since then.
The Abstract and Introduction contain clear statements that the work
does not have IETF consensus and is not endorsed by the IETF.
Although this document uses RFC 2119 language, Section 2 contains a
clear statement that this does not imply Standards Track status.
It is important for readers to understand that implementing this
document does not provide a fully secure system (no confidentiality
through encryption is enabled). This point is laboured in:
- the Introduction where it is clearly stated that these ciphersuites
  are not meant for general use as they do not meet the confidentiality
  and privacy goals of TLS
- the Security Considerations section where it is explained that
  - no confidentiality or privacy is provided for the data transported
    via the TLS session, and that the information carried in the TLS
    handshake, which includes both the Server and Client certificates,
    is sent unencrypted
  - any private PSK data MUST NOT be sent in the handshake while using
    these cipher suites
  - these cipher suites MUST NOT be enabled by default
  - any IoT endpoint that uses these cipher suites be explicitly
    configured with a policy of non-confidential communications.
The draft follows the RFC 8447 process and has registered two
integrity-only ciphersuites for TLS 1.3 in the "TLS Cipher Suites" registry.
There is an open source implementation as well as an implementation in
wolfSSL. There has also been some interop testing for Wireshark.
- Michael Richardson performed a review as part of the IoT Directorate
- The draft has been reviewed for the ISE by Steffen Fries
- David Smith provided a superficial review for the ISE
- Joe Salowey (TLS co-chair) also provided some comments to help
constrain the use cases
- Chris Wood (TLS co-chair) stated that he would have preferred no RFC
(just an I-D to explain the code points).
- The ISE performed two reviews.
The authors updated the draft to address all reviews.
Details of the reviews are extensive, but can be retrieved on request.