Re: [rtcweb] Security architecture: Making ECDSA mandatory

Michael Davey <md84419@gmail.com> Sun, 12 June 2016 09:19 UTC

Return-Path: <md84419@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C787412D1B1 for <rtcweb@ietfa.amsl.com>; Sun, 12 Jun 2016 02:19:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ombGZE5Wp_en for <rtcweb@ietfa.amsl.com>; Sun, 12 Jun 2016 02:19:24 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FAC412D10B for <rtcweb@ietf.org>; Sun, 12 Jun 2016 02:19:24 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id z186so84904086ywd.2 for <rtcweb@ietf.org>; Sun, 12 Jun 2016 02:19:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc; bh=K3k2ZUTI3HQCt4UT0jIFy+jwbaU3JvJx+DZQnzbND34=; b=LwonjjLEBYjUI0KU0tZQcwFAr2re/ifvAXFp5dt0QcONN8KdFa8pYeMnRvosamQSkB 3mNDu9f8PjzlIBy7vNQOP9z+/cVYIGMmuu5FAcYMylKrtMf+tNhg94XhcQC+qCz5i3ad eRLJ/Rm60mYC45qr4Dt55nZwAL9EDomWNZvJMB3ZNb2qj9sitFPQydUsZ8AeSdLaV7+9 8QVmiqPwQGZ+bdV7B5r+if5FiIJrHOhn6EimH9rTFfu4q/kqRHFZ8vAGFZroOi72z8gz d1u9G6eF53FvVkpOqHkbzfExGUAJHbJsJlNSlj6/WnRB3sgG0Oa8gI9Bp/OKZfEsJSwk lceQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=K3k2ZUTI3HQCt4UT0jIFy+jwbaU3JvJx+DZQnzbND34=; b=F9kYYtaSpfSNvS72GGFD0j2l/OkM1AWQn0TPbIz6I1/bFsOk9N8cbSz9zwEWYWxNNt vTCfxHXcL1O3ujiPH1auPDA1k1rRkCV/LaXWtdYxmOGjes3ENG7jVJmQe2kGRxxms/8/ 6cJybp85Ahx5shuq1YSaZFJ3JshUIsFvg3iG7Ad5Kz+8P9ae8MD8OpD7aLSHPHSvU7Oy 6AHlz0svaGZ1ihVHsW9jF6glouIuStXf29JbJEYqlh8jK9RWSbNgI7IwfWJz+RtMZb+s VZyhO5ZLns3GoxF8mVr5ok+xL0cmU/erqQ9jMKOBD+SNUPex2CsmVUa01ti4Dq3aZ93T PnFA==
X-Gm-Message-State: ALyK8tJfF5x8FxwKXuZmGoj0mHCJ/Lvj8+eyOlN1rY3zS9UZg7XpMyfkXyvSITA/T05JtoGVDBLq/kSMdC+85g==
X-Received: by 10.129.27.9 with SMTP id b9mr5359692ywb.173.1465723163871; Sun, 12 Jun 2016 02:19:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.240.194 with HTTP; Sun, 12 Jun 2016 02:19:04 -0700 (PDT)
In-Reply-To: <3B7A187E-D85C-4EB7-A4A8-221E1FD5E059@sn3rd.com>
References: <CABkgnnWjaBqVdNurt+sd3w9U_rpTi0WJKFce12KfA2W1mrnsTA@mail.gmail.com> <57457874.1010708@alvestrand.no> <3A4427FF-A0F1-4B1A-B30C-7FE4319515A2@gmail.com> <3B7A187E-D85C-4EB7-A4A8-221E1FD5E059@sn3rd.com>
From: Michael Davey <md84419@gmail.com>
Date: Sun, 12 Jun 2016 10:19:04 +0100
Message-ID: <CAN3y0xb7Vu-nWaC2mo2N=mUW=maVV8ZUJHdnkD9D1Zuvw=zE3Q@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Content-Type: multipart/alternative; boundary=001a1142a41a85913b0535114481
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/FzpDU_fc76C5FuAFGhB2WWgTT14>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Security architecture: Making ECDSA mandatory
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: md84419@gmail.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Jun 2016 09:19:27 -0000

On 25 May 2016 at 16:10, Michael Davey <md84419@gmail.com> wrote:

> > I would recommend referencing IETF BCP 195.  The comments about ECDHE
in that document (and of course the wider issues with weak DH key exchange)
may also be noteworthy.

There is still no mention of BCP 195 in the -12 document.  The
recommendations of BCP 195 with regards to ECDHE aren't reflected in the
-12 document.

-- 
Michael


On 9 June 2016 at 18:29, Sean Turner <sean@sn3rd.com> wrote:

> I believe it’s in the newly posted -12 version:
> https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch
>
> spt
>
> > On Jun 09, 2016, at 10:08, Bernard Aboba <bernard.aboba@gmail.com>
> wrote:
> >
> > It should be merged.
> >
> > On May 25, 2016, at 03:03, Harald Alvestrand <harald@alvestrand.no>
> wrote:
> >
> >> In my search for status on ECDSA (we're in the process of switching the
> Chrome default), I came across this in the current draft:
> >>
> >>    All implementations MUST implement DTLS 1.0, with the cipher suite
> >>    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and the DTLS-SRTP protection
> >>    profile SRTP_AES128_CM_HMAC_SHA1_80.  Implementations SHOULD
> >>    implement DTLS 1.2 with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> >>    cipher suite.  Implementations SHOULD favor cipher suites which
> >>    support PFS over non-PFS cipher suites and GCM over CBC cipher
> >>    suites.  [[OPEN ISSUE: Should we require ECDSA?  Waiting for WG
> >>    Consensus.]]
> >>
> >>
> >> I also found Martin's PR. It's 11 months old, still open.
> >>
> >> Can we merge this now?
> >>
> >>
> >> On 06/13/2015 12:06 AM, Martin Thomson wrote:
> >>> I've opened https://github.com/rtcweb-wg/security-arch/pull/33
> >>>
> >>>
> >>> This changes the MTI cipher suites to ECDSA and does a little cleanup
> >>> on the corresponding API requirements to more closely match what has
> >>> just landed in the W3C specification.
> >>>
> >>> We discussed ECDSA and the only concerns raised were with
> >>> compatibility.  I've done some testing with other implementations with
> >>> no issues, and ECDSA seems to be well supported on all those
> >>> hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
> >>> out with checks there and to NIST for creating certification pressure
> >>> with FIPS-2).
> >>>
> >>> I have an implementation that switches Firefox to ECDSA with P-256 by
> >>> default.  It's much, much faster.
> >>> http://bench.cr.yp.to/
> >>>  claims that
> >>> it's 150 times faster on mobile devices for keygen.
> >>>
> >>> _______________________________________________
> >>> rtcweb mailing list
> >>>
> >>> rtcweb@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/rtcweb
> >>
> >> _______________________________________________
> >> rtcweb mailing list
> >> rtcweb@ietf.org
> >> https://www.ietf.org/mailman/listinfo/rtcweb
> > _______________________________________________
> > rtcweb mailing list
> > rtcweb@ietf.org
> > https://www.ietf.org/mailman/listinfo/rtcweb
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>