6.2.9 and CCM-8 #2485
Comments
elarlang
added
1) Discussion ongoing
|
Seems like getting rid of it is the right way to go. |
|
@randomstuff can you prepare a PR that captures the feedback from this issue and also #2143. Does using the disclaimer from here help with this issue? It sounds like they did have a reason for including it so I would be cautious about reversing it. |
|
Ping @randomstuff :) |
|
Woops sorry, I'll do that! By the way, I think you linked to the wrong issue in your previous comment :) |
tghosth
added
5) awaiting PR
|
@unprovable, any opinion on this? |
|
I searched https://clienttest.ssllabs.com:8443 and did not find a client with support for this (is it supported by the TLS client test?). I made a PR to disapprove it. I believe it won't be missed. If anyone thinks it should be approved, please comment here. |
|
I don't think I did link to the wrong comment. In the comment I linked, @unprovable gives a reason why they included CCM-8. I don't really want to just straight out delete it and not take that into account. |
|
Woops sorry, indeed the link was correct :) I tried to find any actual usage of CCM-8. This only thing I found is a draft “Comparison of CoAP Security Protocols”. I think CCM-8 is expected to be useful for very constrained environments (IoT with CoAP, 6LoWPAN?) but is not used for general (web) traffic. Now we have several options:
I would suggest solution (3) for consistency. If someone raises any issue with this, (2) would be an option. @unprovable, any recommendation on that? |
|
Hello! Apologies for delayed response time! So, as much as I'd like to go with 4 (no mention) it is a NIST standard (NIST SP800-38) and so it really should be covered. They're updating that standard - public consultation ended last Sept (see the consultation page so likely this is all about to change anyway. In light of this, and in light of the fact that "CCM-8 and co. come from 2007 and that was a long time ago" perhaps (3) (disallow CCM-8) is the best option. Hope this is helpful! M. |
|
@randomstuff can you update the PR? |
|
I think that might have to be a @danielcuthbert activity (I didn't make the original PR's, just heavily involved in the drafting our side). Apologies! |
We've had a few instances where @randomstuff has prepared PRs for @danielcuthbert to review so I think it is ok |
|
I have updated the PR to include this note:
Is that OK for you? @unprovable @danielcuthbert |
|
CCM-8 should only be used in legacy enviornments where performance in low resource devices is more important than security. If security is your priority, you should never touch this weak algorithm. Especially when you are doing server-side development.
I only see CCM-8 recently used in low power handheld legacy devices, but new web server development should never even think of using this.
|
|
@tghosth I couldn't, but all the folk you mention have 'contributor'. @randomstuff I think this is a good thing to note on the PR. |
|
Merged in #2534 |
Since #2482, 6.2.9 is:
CCM-8 is still listed in the approved algorithms. However, its authentication tag only has 64 bits of security and does not respect this minimum of 128-bits of security.
There seems to be a conflict between these. How should be fix this?
Possible options:
I don't have a strong opinion on this and I don't know if CCM-8 is really used/useful nowadays. The safest choice seems to disapprove CCM-8. Unless/until someone come forwards with further input, I would suggest taking this approach.
See as well discussion in #2413 for more info about CCM-8.
The text was updated successfully, but these errors were encountered: