Re: [Lurk] New documented submitted

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 21 March 2016 12:36 UTC

To: Martin Thomson <martin.thomson@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/xPUYoLy_2NAT1BnJ6C9em7G0G0A>
Cc: "lurk@ietf.org" <lurk@ietf.org>

On 21 March 2016 at 13:03, Salz, Rich <rsalz@akamai.com> wrote:
>> You mean, why didn't we define something like "ecclg" analogous to rsalg?  We will if there's interest.
>>
>> If you mean something else, sorry, I don't understand.
> Sorry, I'm being obtuse.
>
> I don't think that it is worth the time of this working group if we
> only define solutions for non-PFS cipher suites.  And, to go further,
> we should ONLY work on solutions for PFS suites.
>
> I don't really care about the ECC/RSA choice.  I'd prefer something
> that allows for either, of course.
>
My reading of draft-erb-lurk-rsalg is that it supports all commonly used 
ciphersuites (DHE, ECDHE as well as plain RSA), while also adding a nice 
feature that only pertains to the non-PFS ciphersuites.

From a requirements perspective, given that many clients still use RSA,
CDNs must support them and therefore any solution we come up with must 
also support these ciphersuites, as much as we may dislike them.

Thanks,
     Yaron