Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 07 December 2015 16:44 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 695201A871F for <ietf@ietfa.amsl.com>; Mon, 7 Dec 2015 08:44:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4cZk2couZ9z for <ietf@ietfa.amsl.com>; Mon, 7 Dec 2015 08:44:40 -0800 (PST)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com [IPv6:2a00:1450:4010:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E224A1A70FD for <ietf@ietf.org>; Mon, 7 Dec 2015 08:44:39 -0800 (PST)
Received: by lbbcs9 with SMTP id cs9so69260190lbb.1 for <ietf@ietf.org>; Mon, 07 Dec 2015 08:44:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=aKKxvUOEcuWOLLbrnS7iHMkYgkiO9LGnN5KivlB58uc=; b=GtqNcBIhU+rTL/b+WIeXw1f0p0/WWQGW7Mn+8Z/fPXfe7CPOTHMBLgOLlkcIRBaQ0p H4WN55pYi9T3jJRoDWCNNIxbvx6R/BULLjtAFRTjPtSWwbb3d41ncEWOFizHMcRiNf/N 8kSU0jU5xmd+A3FHOJHpteJ0mpC5wKR469DQQd3M18IzedlhfQL5SVCJNOa8KI9wWZG+ t67jMcg21bvrPMHzaJAnYMHeBqU9Py4waRQQAmIPnv9fhPvuYepF5XUaigMVD1igLnAR q5Yo+TfNYfxIPuut2UUu2nNMSSeTplAkfEjPURDo9t0L7JT7HM7wbdQUejwJqVCTum1l L+uw==
MIME-Version: 1.0
X-Received: by 10.112.129.233 with SMTP id nz9mr14286982lbb.112.1449506678022; Mon, 07 Dec 2015 08:44:38 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.1.227 with HTTP; Mon, 7 Dec 2015 08:44:37 -0800 (PST)
In-Reply-To: <56656DD2.9010609@cs.tcd.ie>
References: <20151204170507.5160.44472.idtracker@ietfa.amsl.com> <56656C43.5070501@alvestrand.no> <56656DD2.9010609@cs.tcd.ie>
Date: Mon, 07 Dec 2015 11:44:37 -0500
X-Google-Sender-Auth: 9DshIEQIK_8fhhFSOuj8dMmvcQc
Message-ID: <CAMm+LwhfJGvE-LvxJwRzRHjpcohQtSnhodF5a7rmbh_Foc5fBw@mail.gmail.com>
Subject: Re: WG Review: CURves, Deprecating and a Little more Encryption (curdle)
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="047d7b3a839ea4aa6b052651921b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/vEGvrRN-PV1jiYtkdpEaMGC1IcA>
Cc: Harald Alvestrand <harald@alvestrand.no>, IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2015 16:44:42 -0000
On Mon, Dec 7, 2015 at 6:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya, > > On 07/12/15 11:23, Harald Alvestrand wrote: > > I think there's a piece of backstory here I'm not getting.... > > > > Den 04. des. 2015 18:05, skrev The IESG: > >> The protocols in scope are Secure Shell (SSH), DNSSEC, PKIX, CMS, XML > >> Digital Signatures and potentially Kerberos and JSON. > > > > Why is TLS not included? > > > > It seems likely that the answer is one of: > > > > 1) TLS is already up-to-date in the space this group is limited to > > 2) TLS work is being done in the TLS working group > > The latter, and a bit of the former:-) > > > > > In both cases, it would be nice to say so in the charter. > > The charter text tries to do that generically but does mention > TLS specifically in this bit: > > "Where there is an IETF working group or area group with expertise in > a relevant topic the CURDLE working group will defer to the > consensus of the more specific working group as to where work will > be done. For example, the TLS, OpenPGP and IPSECME WGs are actively > considering some of these topics. " That being so, I suggest adding S/MIME to the scope: * S/MIME has approximately the same number of public certs issued as there are registered OpenPGP keys. * The number of government certs is probably the same again and they are more active. * The current state of S/MIME crypto is 3DES. Yes, S/MIME is built on CMS but there is a little bit more. In particular the only channel you have to advertise the algorithms supported is through the cert chain. There is mechanism described in RFC2633, RFC6277 and RFC6664 but how pervasive is deployment and do all the parts join up? I don't want us to be in a position where we find we need just a little bit of glue to make the system work and these are out of scope. A similar issue occurs in SSH. Right now, managing SSH keys is a real PITA because the configuration tools all use keys rather than fingerprints of keys. Even though they all present fingerprints to the user when connecting to a new server. A lot of these fingerprints are based on SHA-1 and while it might well be the case that collision attacks don't really matter, having to explain that repeatedly is an ongoing cost. And further, we can't rip SHA-1 or MD5 out of the crypto libraries as long as that type of vestigial application persists. I would like us to have a common format for presenting fingerprints of keys across applications and at minimum use that for both SSH and OpenPGP. In general we should attempt to converge on a single set of algorithm choices for all IETF protocols unless there are really good reasons to do something different. In particular we should really try to make sure that OpenPGP and S/MIME can both use the same set of algorithms. Right now we have a situation where S/MIME has the deployment advantage. If people want to get more OpenPGP deployment they should try to eliminate all unnecessary differences between the two systems. Having them use a common set of crypto algorithms is a good start, at that point the only difference between the systems is key infrastructure and message format. What is most frustrating about the current situation is that we have the same round of bikeshedding among the same set of people every time a new security WG starts. Introducing the new CFRG curves is a good opportunity to change that. It probably makes sense to write the charter in such a way that the group can consider recommendations for any IETF protocol that doesn't have an active WG and any active WG can delegate the issue to them. I can't see much chance CURDLE comes up with consensus for a set of algorithms that isn't acceptable to TLS. If that happened the WG has failed. So the TLS chairs might as well consider CURDLE to be a way to take default algorithm choices off their plate.
- Re: WG Review: CURves, Deprecating and a Little m… Harald Alvestrand
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… Donald Eastlake
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… Stephen Farrell
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… tom p.
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker
- Re: WG Review: CURves, Deprecating and a Little m… David Morris
- Re: WG Review: CURves, Deprecating and a Little m… Warren Kumari
- Re: WG Review: CURves, Deprecating and a Little m… Phillip Hallam-Baker