Re: [rtcweb] Security architecture: Making ECDSA mandatory

Michael Davey <md84419@gmail.com> Wed, 25 May 2016 15:12 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/c6tUonORYe9yzqUAdpuUXOjiPDA>

I would recommend referencing IETF BCP 195.  The comments about ECDHE in
that document (and of course the wider issues with weak DH key exchange)
may also be noteworthy.

-- 
Michael


On 25 May 2016 at 11:17, Alfred E. Heggestad <aeh@db.org> wrote:

>
>
> On 13/06/15 00:06, Martin Thomson wrote:
>
>> I've opened https://github.com/rtcweb-wg/security-arch/pull/33
>>
>> This changes the MTI cipher suites to ECDSA and does a little cleanup
>> on the corresponding API requirements to more closely match what has
>> just landed in the W3C specification.
>>
>> We discussed ECDSA and the only concerns raised were with
>> compatibility.  I've done some testing with other implementations with
>> no issues, and ECDSA seems to be well supported on all those
>> hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
>> out with checks there and to NIST for creating certification pressure
>> with FIPS-2).
>>
>> I have an implementation that switches Firefox to ECDSA with P-256 by
>> default.  It's much, much faster.  http://bench.cr.yp.to/ claims that
>> it's 150 times faster on mobile devices for keygen.
>>
>>
> I can confirm this. Here at Wire.com we are using ECDSA certs for the
> DTLS connections. Generating self-signed certs takes around 1 millisecond.
>
>
>
> /alfred
>
>
>
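The following is an added example, not part of the original thread or of any participant's code: a Go standard-library sketch of the operation discussed above, generating a self-signed certificate from a fresh ECDSA P-256 key and, for comparison, from an RSA-2048 key, timing only the key generation. The helper names, the subject name and the validity period are constructed for illustration; measured times depend on the machine.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned generates a fresh key with gen, wraps it in a self-signed
// certificate, and returns the parsed certificate plus the key generation time.
func selfSigned(gen func() (crypto.Signer, error)) (*x509.Certificate, time.Duration, error) {
	start := time.Now()
	key, err := gen()
	keygen := time.Since(start)
	if err != nil {
		return nil, 0, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),                           // constructed value
		Subject:      pkix.Name{CommonName: "webrtc-example"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(30 * 24 * time.Hour), // assumed lifetime
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, 0, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, keygen, err
}

// Key generators for the two certificate types being compared.
func genECDSA() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func genRSA() (crypto.Signer, error)   { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	for name, gen := range map[string]func() (crypto.Signer, error){"ECDSA P-256": genECDSA, "RSA-2048": genRSA} {
		cert, d, err := selfSigned(gen)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-12s keygen %v, cert %d bytes, sig %v\n", name, d, len(cert.Raw), cert.SignatureAlgorithm)
	}
}
```

Besides the key generation time, the output shows the size difference between the two certificates, which matters for a DTLS handshake carried over UDP.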