Re: [rtcweb] Security architecture: Making ECDSA mandatory
Eric Rescorla <ekr@rtfm.com> Sun, 12 June 2016 11:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/X5h82shc2A1vC00cyNzKbWXO2yU>
If there's something in particular you'd like to see, a pull request would be a great way to indicate that.

-Ekr

On Sun, Jun 12, 2016 at 2:19 AM, Michael Davey <md84419@gmail.com> wrote:

> On 25 May 2016 at 16:10, Michael Davey <md84419@gmail.com> wrote:
>
>> I would recommend referencing IETF BCP 195. The comments about ECDHE
>> in that document (and of course the wider issues with weak DH key exchange)
>> may also be noteworthy.
>
> There is still no mention of BCP 195 in the -12 document. The
> recommendations of BCP 195 with regards to ECDHE aren't reflected in the
> -12 document.
>
> --
> Michael
>
> On 9 June 2016 at 18:29, Sean Turner <sean@sn3rd.com> wrote:
>
>> I believe it’s in the newly posted -12 version:
>> https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch
>>
>> spt
>>
>> > On Jun 09, 2016, at 10:08, Bernard Aboba <bernard.aboba@gmail.com> wrote:
>> >
>> > It should be merged.
>> >
>> > On May 25, 2016, at 03:03, Harald Alvestrand <harald@alvestrand.no> wrote:
>> >
>> >> In my search for status on ECDSA (we're in the process of switching
>> >> the Chrome default), I came across this in the current draft:
>> >>
>> >>    All implementations MUST implement DTLS 1.0, with the cipher suite
>> >>    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and the DTLS-SRTP protection
>> >>    profile SRTP_AES128_CM_HMAC_SHA1_80. Implementations SHOULD
>> >>    implement DTLS 1.2 with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>> >>    cipher suite. Implementations SHOULD favor cipher suites which
>> >>    support PFS over non-PFS cipher suites and GCM over CBC cipher
>> >>    suites. [[OPEN ISSUE: Should we require ECDSA? Waiting for WG
>> >>    Consensus.]]
>> >>
>> >> I also found Martin's PR. It's 11 months old, still open.
>> >>
>> >> Can we merge this now?
>> >>
>> >> On 06/13/2015 12:06 AM, Martin Thomson wrote:
>> >>> I've opened https://github.com/rtcweb-wg/security-arch/pull/33
>> >>>
>> >>> This changes the MTI cipher suites to ECDSA and does a little cleanup
>> >>> on the corresponding API requirements to more closely match what has
>> >>> just landed in the W3C specification.
>> >>>
>> >>> We discussed ECDSA and the only concerns raised were with
>> >>> compatibility. I've done some testing with other implementations with
>> >>> no issues, and ECDSA seems to be well supported on all those
>> >>> hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
>> >>> out with checks there and to NIST for creating certification pressure
>> >>> with FIPS-2).
>> >>>
>> >>> I have an implementation that switches Firefox to ECDSA with P-256 by
>> >>> default. It's much, much faster. http://bench.cr.yp.to/ claims that
>> >>> it's 150 times faster on mobile devices for keygen.
>> >>>
>> >>> _______________________________________________
>> >>> rtcweb mailing list
>> >>> rtcweb@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/rtcweb