Re: [rtcweb] Security architecture: Making ECDSA mandatory
Harald Alvestrand <harald@alvestrand.no> Wed, 25 May 2016 10:04 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E190F12D9E3 for <rtcweb@ietfa.amsl.com>; Wed, 25 May 2016 03:04:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.325
X-Spam-Level:
X-Spam-Status: No, score=-3.325 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NGufgvhDCXi5 for <rtcweb@ietfa.amsl.com>; Wed, 25 May 2016 03:04:45 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [IPv6:2001:700:1:2::117]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFA3612DA80 for <rtcweb@ietf.org>; Wed, 25 May 2016 03:03:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id F3B5D7C7E6A for <rtcweb@ietf.org>; Wed, 25 May 2016 12:03:35 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6monsHiXBN1 for <rtcweb@ietf.org>; Wed, 25 May 2016 12:03:34 +0200 (CEST)
Received: from hta-hippo.lul.corp.google.com (unknown [IPv6:2620:0:1043:12:c86f:6f80:194b:9465]) by mork.alvestrand.no (Postfix) with ESMTPSA id 4B9857C7E64 for <rtcweb@ietf.org>; Wed, 25 May 2016 12:03:34 +0200 (CEST)
To: rtcweb@ietf.org
References: <CABkgnnWjaBqVdNurt+sd3w9U_rpTi0WJKFce12KfA2W1mrnsTA@mail.gmail.com>
From: Harald Alvestrand <harald@alvestrand.no>
Message-ID: <57457874.1010708@alvestrand.no>
Date: Wed, 25 May 2016 12:03:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CABkgnnWjaBqVdNurt+sd3w9U_rpTi0WJKFce12KfA2W1mrnsTA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------040204050708010808010908"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/jFazHA4NiWFC-caKO3HOKpLNQ1Q>
Subject: Re: [rtcweb] Security architecture: Making ECDSA mandatory
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2016 10:04:48 -0000
In my search for status on ECDSA (we're in the process of switching the Chrome default), I came across this in the current draft: All implementations MUST implement DTLS 1.0, with the cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and the DTLS-SRTP protection profile SRTP_AES128_CM_HMAC_SHA1_80. Implementations SHOULD implement DTLS 1.2 with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite. Implementations SHOULD favor cipher suites which support PFS over non-PFS cipher suites and GCM over CBC cipher suites. [[OPEN ISSUE: Should we require ECDSA? Waiting for WG Consensus.]] I also found Martin's PR. It's 11 months old, still open. Can we merge this now? On 06/13/2015 12:06 AM, Martin Thomson wrote: > I've opened https://github.com/rtcweb-wg/security-arch/pull/33 > > This changes the MTI cipher suites to ECDSA and does a little cleanup > on the corresponding API requirements to more closely match what has > just landed in the W3C specification. > > We discussed ECDSA and the only concerns raised were with > compatibility. I've done some testing with other implementations with > no issues, and ECDSA seems to be well supported on all those > hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping > out with checks there and to NIST for creating certification pressure > with FIPS-2). > > I have an implementation that switches Firefox to ECDSA with P-256 by > default. It's much, much faster. http://bench.cr.yp.to/ claims that > it's 150 times faster on mobile devices for keygen. > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Security architecture: Making ECDSA mand… Martin Thomson
- Re: [rtcweb] Security architecture: Making ECDSA … Harald Alvestrand
- Re: [rtcweb] Security architecture: Making ECDSA … Alfred E. Heggestad
- Re: [rtcweb] Security architecture: Making ECDSA … Michael Davey
- Re: [rtcweb] Security architecture: Making ECDSA … Randell Jesup
- Re: [rtcweb] Security architecture: Making ECDSA … Bernard Aboba
- Re: [rtcweb] Security architecture: Making ECDSA … Sean Turner
- Re: [rtcweb] Security architecture: Making ECDSA … Michael Davey
- Re: [rtcweb] Security architecture: Making ECDSA … Eric Rescorla