[rtcweb] Security architecture: Making ECDSA mandatory

Martin Thomson <martin.thomson@gmail.com> Fri, 12 June 2015 22:06 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/PVyLvJ3jWX4KfeGm_17d1D1EMPk>

I've opened https://github.com/rtcweb-wg/security-arch/pull/33

This changes the MTI cipher suites to ECDSA and does a little cleanup
on the corresponding API requirements to more closely match what has
just landed in the W3C specification.

We discussed ECDSA and the only concerns raised were with
compatibility.  I've done some testing with other implementations with
no issues, and ECDSA seems to be well supported on all those
hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
out with checks there and to NIST for creating certification pressure
with FIPS-2).

I have an implementation that switches Firefox to ECDSA with P-256 by
default.  It's much, much faster.  http://bench.cr.yp.to/ claims that
it's 150 times faster on mobile devices for keygen.