Re: [rtcweb] Security architecture: Making ECDSA mandatory

Bernard Aboba <bernard.aboba@gmail.com> Thu, 09 June 2016 15:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/RF0Jfhd3ptZGsXIrobpYD0wYiWM>

It should be merged. 

> On May 25, 2016, at 03:03, Harald Alvestrand <harald@alvestrand.no> wrote:
> 
> In my search for status on ECDSA (we're in the process of switching the Chrome default), I came across this in the current draft:
> 
>    All implementations MUST implement DTLS 1.0, with the cipher suite
>    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and the DTLS-SRTP protection
>    profile SRTP_AES128_CM_HMAC_SHA1_80.  Implementations SHOULD
>    implement DTLS 1.2 with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>    cipher suite.  Implementations SHOULD favor cipher suites which
>    support PFS over non-PFS cipher suites and GCM over CBC cipher
>    suites.  [[OPEN ISSUE: Should we require ECDSA?  Waiting for WG
>    Consensus.]]
> 
> I also found Martin's PR. It's 11 months old, still open.
> 
> Can we merge this now?
> 
> 
>> On 06/13/2015 12:06 AM, Martin Thomson wrote:
>> I've opened https://github.com/rtcweb-wg/security-arch/pull/33
>> 
>> This changes the MTI cipher suites to ECDSA and does a little cleanup
>> on the corresponding API requirements to more closely match what has
>> just landed in the W3C specification.
>> 
>> We discussed ECDSA and the only concerns raised were with
>> compatibility.  I've done some testing with other implementations with
>> no issues, and ECDSA seems to be well supported on all those
>> hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
>> out with checks there and to NIST for creating certification pressure
>> with FIPS-2).
>> 
>> I have an implementation that switches Firefox to ECDSA with P-256 by
>> default.  It's much, much faster.  http://bench.cr.yp.to/ claims that
>> it's 150 times faster on mobile devices for keygen.
>> 
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
> 