Re: [rtcweb] Open Security issue: Crypto algorithms

Martin Thomson <martin.thomson@gmail.com> Wed, 06 May 2015 15:58 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B92051A0AFE for <rtcweb@ietfa.amsl.com>; Wed, 6 May 2015 08:58:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A4Y3vY1Vq2cx for <rtcweb@ietfa.amsl.com>; Wed, 6 May 2015 08:58:45 -0700 (PDT)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D21751B2BB2 for <rtcweb@ietf.org>; Wed, 6 May 2015 08:58:33 -0700 (PDT)
Received: by yhrr66 with SMTP id r66so3535259yhr.3 for <rtcweb@ietf.org>; Wed, 06 May 2015 08:58:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dfBbAKZ3M8/Pnmhv0uBRMFYue2WvHxviSB/bQV+gVJc=; b=aEqiloN2uGh+g3mb8nDehyVNnCa8od7ECtYmPYWQ0666ka7sQmtSW8ptLNlNvN+NCZ PaOe3CPIxWvr2+5oYJl2hE06ftVqf+Jlgfdd1ytmgdjYDyFTTIt/6UGddZ5JQqo0N9xb UcwauIAVKjIIwTtux1HKoWb0Z5DSmcC3Oncxgky5s1UGpaD1IrLVhN975qbN+7MHQQw4 0/ohrVdZZk36E+NjndRGJI/O6HUEsrLmYvkC0zI+89baYEJWMpwKbv9C42Lffv/Hkzy9 YCRmy/G8kz54wsntIiYxM57wsLFkDoRCl7GWZJscL7yCdD8GVCbF5/CgCJa9gjsBTsYz MC7w==
MIME-Version: 1.0
X-Received: by 10.236.16.138 with SMTP id h10mr22706190yhh.93.1430927913254; Wed, 06 May 2015 08:58:33 -0700 (PDT)
Received: by 10.13.247.71 with HTTP; Wed, 6 May 2015 08:58:33 -0700 (PDT)
In-Reply-To: <5549E480.4030806@alvestrand.no>
References: <5549E480.4030806@alvestrand.no>
Date: Wed, 06 May 2015 08:58:33 -0700
Message-ID: <CABkgnnUquwQVo+RO=96UVBVuJ-EhZQzsCA6vV7LBbEpCiGS=bQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/9qDF5ippWjGs6k1dVR1nxUSX8h8>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Open Security issue: Crypto algorithms
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 15:58:46 -0000

On 6 May 2015 at 02:53, Harald Alvestrand <harald@alvestrand.no> wrote:
> Do we have an idea on how to move forward with resolving the outstanding
> question?

I would like to make ECDSA mandatory.  There seems to be no question
regarding ECDHE.  We intend to implement ECDSA, but need the
certificate management API additions so that we can avoid
compatibility issues (I'll note that chrome and firefox are perfectly
happy to negotiate ECDSA with anyone who chooses to use it today, but
there might be some gateway/server code out there that might not
tolerate it as readily).

We can ask TLS, but I will defer to the chairs on how they want to
collect feedback (one of the chairs is in a particularly good position
in this respect, I note).