Re: [Cfrg] Curve manipulation, revisited

Rob Stradling <rob.stradling@comodo.com> Tue, 30 December 2014 11:52 UTC

Message-ID: <54A291F4.6060601@comodo.com>
Date: Tue, 30 Dec 2014 11:52:20 +0000
From: Rob Stradling <rob.stradling@comodo.com>
To: "Salz, Rich" <rsalz@akamai.com>
References: <CAMfhd9W684XMmXn3ueDmwrsQ_ZdiFG+VqYLxkvs7qDwiJdpk6w@mail.gmail.com><1725646678.805875.1419539885135.JavaMail.yahoo@jws100115.mail.ne1.yahoo.com><CAMfhd9Ua5fFZk46Xx1AN2VgyJ=Yng6fnO8aN-_ZfzXQn0Xbxhg@mail.gmail.com><CA+Vbu7zqFcu8d1053mZ_eEm0q=np6T3snSQ4rfY0k1-4hBVDsA@mail.gmail.com><2A0EFB9C05D0164E98F19BB0AF3708C71D55236DA1@USMBX1.msg.corp.akamai.com><68DF78C2-9F4D-457C-A32E-88A58E74A371@gmail.com><2A0EFB9C05D0164E98F19BB0AF3708C71D55236ECC@USMBX1.msg.corp.akamai.com><A7D3783D-0159-486E-8136-63E90E20AC0B@gmail.com><2A0EFB9C05D0164E98F19BB0AF3708C71D55236EE7@USMBX1.msg.corp.akamai.com><CA+Vbu7yaJNgi0JkhyBG6YEoKy+r5BFm_HwjL94sgHHOM7i3zOw@mail.gmail.com><2A0EFB9C05D0164E98F19BB0AF3708C71D55236F10@USMBX1.msg.corp.akamai.com><A09FEC84-6EF1-4886-9D88-E737A0895738@gmail.com><54A1C390.1010803@comodo.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D55236F3D@USMBX1.msg.corp.akamai.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C71D55236F3D@USMBX1.msg.corp.akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/g5KdgKz_aj6d7CQrFC3-ISP9x6w
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Curve manipulation, revisited

On 29/12/14 21:15, Salz, Rich wrote:
>> Some TLS server software (notably Apache httpd) can already use several
>> certs for the same hostname, where each cert has a different public key
>> algorithm (RSA, DSA, ECC).  This means that certs with P-256 and P-384 public
>> keys can be used where there is browser support, with fallback to certs with
>> RSA public keys for the long tail of non-ECC-capable browsers.
>
> Any server that uses OpenSSL can do this, provided they make the calls to register the keypairs.  (And only the NIST curves are currently supported.)

Indeed.

BTW Rich, are the OpenSSL team planning to add support for whatever new 
curve(s) and associated signature algorithm(s) CFRG blesses?

Assuming yes, please will you aim to make it possible for a server to 
register 4 certs/keypairs - RSA, DSA, NIST ECC and CFRG ECC - for the 
same hostname (rather than only permit RSA + DSA + 1 ECC option)?

> So that probably includes, nginx, Node.js, anything built on Ruby or Python, etc.  Some minor code work (config and making an additional API call) could be required, but that's pretty easy.

Nginx can't do this yet, sadly.  I wrote a patch [1], but it's rather 
bitrotten now [2].  Registering the certs/keypairs with OpenSSL was 
indeed "minor code work", but the required updates to the Nginx OCSP 
Stapling code were rather more extensive.  One day I'll find time to 
address the preliminary review comments and finish the job.  :-)


[1] http://osdir.com/ml/nginx-development/2013-10/msg00159.html
[2] http://forum.nginx.org/read.php?2,253440

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
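The dual-keypair setup Rich describes (one OpenSSL-based server registering both an RSA and an ECDSA certificate for the same hostname, with the algorithm picked per client) as an added example that is not part of this thread: it uses the openssl CLI, where s_server's -dcert/-dkey options register the second certificate, constructed self-signed certs, and assumes openssl is on PATH and port 4433 is free.

```shell
#!/bin/sh
# Added example: one server process, two keypairs (RSA + ECDSA), and two TLS 1.2
# clients whose cipher offer decides which certificate the server presents.
set -eu
WORK=$(mktemp -d)
PORT=4433          # assumption: this port is free on 127.0.0.1

# Constructed self-signed test certificates, one per public key algorithm.
gen_cert() {       # $1 = name used as CN; remaining args = -newkey spec for openssl req
  name=$1; shift
  openssl req -x509 -nodes -newkey "$@" -days 1 -subj "/CN=$name.example" \
      -keyout "$WORK/$name.key" -out "$WORK/$name.crt" 2>/dev/null
}
gen_cert rsa rsa:2048
gen_cert ecdsa ec -pkeyopt ec_paramgen_curve:prime256v1

# Register both keypairs in a single server: -cert/-key is the first slot,
# -dcert/-dkey the second. OpenSSL keeps one certificate per key type.
openssl s_server -accept "$PORT" -www \
    -cert "$WORK/rsa.crt" -key "$WORK/rsa.key" \
    -dcert "$WORK/ecdsa.crt" -dkey "$WORK/ecdsa.key" >/dev/null 2>&1 &
SERVER_PID=$!
trap 'kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

# Wait until the listener accepts a handshake (up to ~20 s).
for _ in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
  if openssl s_client -connect "127.0.0.1:$PORT" </dev/null >/dev/null 2>&1; then break; fi
  sleep 1
done

# Connect offering exactly one TLS 1.2 cipher suite and report the CN of the
# certificate the server chose. TLS 1.2 is forced because -cipher does not
# constrain TLS 1.3 suites, where selection is driven by signature algorithms.
negotiated_cn() {  # $1 = cipher suite to offer, e.g. ECDHE-ECDSA-AES128-GCM-SHA256
  openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 -cipher "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject | sed 's/.*CN *= *//'
}

echo "ECDHE-RSA   client got: $(negotiated_cn ECDHE-RSA-AES128-GCM-SHA256)"
echo "ECDHE-ECDSA client got: $(negotiated_cn ECDHE-ECDSA-AES128-GCM-SHA256)"
```

A browser that offers only RSA-authenticated suites falls back to the RSA certificate the same way, which is the "long tail" case the quoted text refers to.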