Re: [Curdle] comments on draft-ietf-curdle-rsa-sha2-03.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 27 March 2017 00:52 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: denis bider <denisbider.ietf@gmail.com>, "daniel.migault@ericsson.com" <daniel.migault@ericsson.com>, "curdle@ietf.org" <curdle@ietf.org>
Date: Mon, 27 Mar 2017 00:51:56 +0000
Message-ID: <1490575901696.39454@cs.auckland.ac.nz>
References: <CADPMZDByTiWov0vp2Tk1n9dnnkfwepO+UsAnh3rdsrbem2H=VQ@mail.gmail.com>
In-Reply-To: <CADPMZDByTiWov0vp2Tk1n9dnnkfwepO+UsAnh3rdsrbem2H=VQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Lj0n9IQlkoEU50zpliGeKCc8MBk>

denis bider <denisbider.ietf@gmail.com> writes:

>The objection with additional variants is that if a fraction of deployments
>are set up to require them, this puts pressure on others to implement them as
>well. For Peter, this is a cost because his usage cases are extremely
>constrained.

It's also because I'm inherently lazy :-).  The smaller the number of
combinations of algorithms and mechanisms I need to implement, debug, and
test, the better.  SSL is an extreme example of this: there are such a vast
number of combinations of cipher suites, parameters, and message flows that
(a) no-one has ever tested them all and (b) when someone does come along and
test just one small corner of the whole mess, e.g. message flows, they
inevitably find vulns all over the place because composing all the different
bits and pieces is unsafe (there are now at least four, probably more,
conference papers published just on messing with SSL message flows, leading to
things like all-zero keys used and other issues).

Adding redundant ways of doing more or less the same thing isn't a good idea.
So my general objection is a combination of { code size minimisation, attack
surface reduction, work/effort reduction }.

Peter.