Re: The HTTP/2 RFC should not mandate RSA certificates
Martin Thomson <martin.thomson@gmail.com> Tue, 31 October 2017 01:33 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB4F13EDE3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Oct 2017 18:33:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.5
X-Spam-Level:
X-Spam-Status: No, score=-6.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQKa52o3rftp for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Oct 2017 18:33:01 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6906013F5FF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 30 Oct 2017 18:33:01 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1e9LKe-0005fQ-Iq for ietf-http-wg-dist@listhub.w3.org; Tue, 31 Oct 2017 01:27:08 +0000
Resent-Date: Tue, 31 Oct 2017 01:27:08 +0000
Resent-Message-Id: <E1e9LKe-0005fQ-Iq@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <martin.thomson@gmail.com>) id 1e9LKb-0005ek-3H for ietf-http-wg@listhub.w3.org; Tue, 31 Oct 2017 01:27:05 +0000
Received: from mail-io0-f171.google.com ([209.85.223.171]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <martin.thomson@gmail.com>) id 1e9LKZ-0004HE-K3 for ietf-http-wg@w3.org; Tue, 31 Oct 2017 01:27:04 +0000
Received: by mail-io0-f171.google.com with SMTP id m81so31506938ioi.13 for <ietf-http-wg@w3.org>; Mon, 30 Oct 2017 18:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=cVN5umRLCNX7uXaD+Ga9fjYzWCCtwbnjWiA2UaYFge4=; b=fke693ktvMtDE5rfFPe6d0ZJps1WKwH4GfKkEwAZYMyr+VmMDVmw0rSuhOrl/bvVBU +mDyz1RxoV4cl9wHI3Zo2QS8kkVjaF1bvLs5ElEiBYE8Ir1GCmpTtdeqB0xYLhhKBK8X aiaWzpFobnJLqaYLVYIkA7WtDwvTegkDZoal/l0DgEfElKbNKJdIShDYpa42BfSQE7nM wH/6NyMlYal9w6Y+TAQXvcBoQgayLrp5yR9E/+WfFF0yfU9dXcQL/1twTK6iGgfHrrN1 GTAHSRf2RxRYCtcZdjo6tf0Ff3xLUSGiUEb2n23Q3Ebk2pKsBD+ds+qq6+3OxqDE/JXg 30pQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=cVN5umRLCNX7uXaD+Ga9fjYzWCCtwbnjWiA2UaYFge4=; b=Ddvt7q54b+W1KncDwqPrLgPeNKHD++9PDLdmrdCB44P4OXYl0OsvgjjFn3W5Khemp4 iswip/DO3Xj3W+OLZhWBYzCbV5veSdlXH6WWZcDimnBEwFluon76tTpUcLCM9UJBqRUQ QEyRvjDrpnvfc5/zB47ICfbNIrdesOQINScHsl6OWYWB05r0DksxGIfuUiYloQOqI99K M2/WfMUTCbluASuh18slLRGiS8dZIw0vT6P9xQJtIwxdTT7niEdJspHvWpTPbGThSN4S GrIM865o+HSQRMJIuId+/tCFXjhYwZyQo65Qd/HJmTZnRLQPnxT3HvjuIgXu4GHOFaR3 NoWg==
X-Gm-Message-State: AMCzsaXj/BGXesXN/UKNXw/WhWzyUqBD+lalpH86HBFVooqdStyeqaBY vK1twSVSwgHg/HCp5bdySE+biT/GEITbupdKZkvY8CBG
X-Google-Smtp-Source: ABhQp+SwvkbdgCkqKWYQUL21nUTJjXpV0Gohik6qnom53Bhwk3SXLmvahbpXCp68cxBMpmTS6qL9iC+4omXItXNA0Uo=
X-Received: by 10.107.104.9 with SMTP id d9mr330733ioc.303.1509413202647; Mon, 30 Oct 2017 18:26:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.33.147 with HTTP; Mon, 30 Oct 2017 18:26:42 -0700 (PDT)
In-Reply-To: <4D763F46-6D5E-4E22-88D6-EA157BBD6640@anmol.io>
References: <4D763F46-6D5E-4E22-88D6-EA157BBD6640@anmol.io>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 31 Oct 2017 12:26:42 +1100
Message-ID: <CABkgnnX1VvjYwbB=C4c8Bj13TK4dj=Bg2qcxymHyscyp4UvkSw@mail.gmail.com>
To: Anmol Sethi <me@anmol.io>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=209.85.223.171; envelope-from=martin.thomson@gmail.com; helo=mail-io0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=-7.1
X-W3C-Hub-Spam-Report: AWL=1.208, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1e9LKZ-0004HE-K3 73896a2f0221e3ff6f9ebcf60da7c910
X-Original-To: ietf-http-wg@w3.org
Subject: Re: The HTTP/2 RFC should not mandate RSA certificates
Archived-At: <http://www.w3.org/mid/CABkgnnX1VvjYwbB=C4c8Bj13TK4dj=Bg2qcxymHyscyp4UvkSw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34646
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
It's not a spec bug. Though you may use this cipher suite (it's not prohibited), it's not mandatory to implement or use. Note that HTTP/2 mandates *availability* of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, not just implementation. It's admirable that Go wants to police this, but I would have said that it would be better (and easier) to remove the check and leave the problem of compliance to deployments. Having a check that is also wrong sends the wrong message to users of the stack. It says that my configuration is OK because Go said so, when it won't necessarily interoperate because Go used a check that is inconsistent with the published RFC. Now, if we had a process to easily change the spec, I would say that a change like this would be fine, but even then we might be getting ahead of ourselves. See <https://mzl.la/2gOeX7h>, which shows a ratio of approximately 1:3 of ECDSA vs RSA. Note that 1 = ssl_auth_rsa_decrypt (i.e., static RSA) and 7 = ssl_auth_rsa_sign (i.e., ECDHE_RSA). On Tue, Oct 31, 2017 at 9:58 AM, Anmol Sethi <me@anmol.io> wrote: > Hello, > > Late last year, I submitted a patch to Go’s HTTP/2 library to allow the > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher as an alternative MTI cipher > to the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher that the HTTP/2 RFC > mandates. > > My reasoning for this patch is that many servers only use ECDSA certificates > and so the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher will never be used > in those situations and thus we should allow > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as an alternative MTI cipher. > > See https://go-review.googlesource.com/c/net/+/30721 for further information > and discussion. > > After some discussion and feedback on my patch, it seems this may be a spec > bug. > > So is this a spec bug? Is it alright to allow > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as an alternative MTI cipher? > > Regards, > Anmol
- The HTTP/2 RFC should not mandate RSA certificates Anmol Sethi
- Re: The HTTP/2 RFC should not mandate RSA certifi… Martin Thomson
- RE: The HTTP/2 RFC should not mandate RSA certifi… Mike Bishop
- Re: The HTTP/2 RFC should not mandate RSA certifi… Martin Thomson
- Re: The HTTP/2 RFC should not mandate RSA certifi… Tom Bergan
- RE: The HTTP/2 RFC should not mandate RSA certifi… Mike Bishop
- Re: The HTTP/2 RFC should not mandate RSA certifi… Martin Thomson