Re: [rtcweb] Open Security issue: Crypto algorithms

Justin Uberti <juberti@google.com> Thu, 21 May 2015 16:39 UTC

Return-Path: <juberti@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A08B1A001C for <rtcweb@ietfa.amsl.com>; Thu, 21 May 2015 09:39:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5f_HIJS6SbRU for <rtcweb@ietfa.amsl.com>; Thu, 21 May 2015 09:39:52 -0700 (PDT)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A1721A6FFB for <rtcweb@ietf.org>; Thu, 21 May 2015 09:39:52 -0700 (PDT)
Received: by igbpi8 with SMTP id pi8so14592940igb.1 for <rtcweb@ietf.org>; Thu, 21 May 2015 09:39:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ZeqpkYKg8EJcMHvblukLYI5aoklkeeKYezDSMIkYwko=; b=BaeoTF/lUiPnN9wftckPm1rp5ufxbJSnyaML4TUGpt02SR53+ieWKZnTolHHpaPi3l nDwPXihm88mLSdvrLdJxs2wysdbAveTJ4gOM7wLsJkIkEpDP6mkLwNHfgOay42dW657R +kwrb7zz/3eCwYLJVh3bKO8F5bDJIvTzcntbZPUqrgmnngTV6J8gHrrRggGwNxZdcvn6 TlwIZrf65IxFzmg7ygKVvkSWWIt1BI/+knOlimtzFQMgi0hro/29OPMEvPcDhFyriNrH 3jAxy4lJFbGXGyks0qw7fK5pUCRpRspq+xd+scu8WVNX8Q5hWybnvbPmAiIlBr0UQjJU xFwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ZeqpkYKg8EJcMHvblukLYI5aoklkeeKYezDSMIkYwko=; b=IArhgA8C0E3tCo5v8k0VkjvkmEkdPWt58YW9Y/1ei7zpPpxDVBv3fuEWC2zwI7HGtM sQ41bYJs5qyYLyQAhQFYrN3AI59g3u8heoIN3NEkOWUoNS2vmKNq96dbdRBp7J8yWpBI XjJwKdb5iDr1Z+4q0NHZv+IntvDNMU03QmC0xCbLwuL+BHm9p7zLEli65eznHOiVzt2X 6n759pZ97QbsnpdodrvzstjTf5bRqjyFRv90SjsgURA4B1+Wtj6TUFGLFv3OP2YO66TG gUJ2MdVtzOoIvH4fQn8wVD1Qg0NZ2vqmvzLTYi61JIzOufCQ287lPxSkRp2x6iSKCjGf Ljyw==
X-Gm-Message-State: ALoCoQkTYyNx/QO4/l2np7wE003zZWt1Fzqo4AZ9QixA0GdhqlpzCCl1yHKRXAuuc9HpzQTxLT3H
X-Received: by 10.43.24.76 with SMTP id rd12mr4255053icb.84.1432226391709; Thu, 21 May 2015 09:39:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.5.1 with HTTP; Thu, 21 May 2015 09:39:31 -0700 (PDT)
In-Reply-To: <0FEF3981-063C-450C-9E6A-685696B4F5E0@ieca.com>
References: <5549E480.4030806@alvestrand.no> <CABkgnnUquwQVo+RO=96UVBVuJ-EhZQzsCA6vV7LBbEpCiGS=bQ@mail.gmail.com> <CA+9kkMAOu28ZmBPv2vPjU5EQsGF2isgMuw_KUKKroJ-P3Fn_LA@mail.gmail.com> <CABkgnnVZvNTeFfSv09PuKEOFXZAM5dmjpp3Gg7SOuhXVG8QR9Q@mail.gmail.com> <0FEF3981-063C-450C-9E6A-685696B4F5E0@ieca.com>
From: Justin Uberti <juberti@google.com>
Date: Thu, 21 May 2015 09:39:31 -0700
Message-ID: <CAOJ7v-3TLbRZpQW1qjZAHwj58dKCxeHtqrgDdwA-jYwe6vQSYw@mail.gmail.com>
To: Sean Turner <turners@ieca.com>
Content-Type: multipart/alternative; boundary="bcaec51dd02d50f08c05169a319f"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/vWJ9PmIcvWN_ye_ApzZ8d_JtyFU>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Open Security issue: Crypto algorithms
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 16:39:53 -0000

On Wed, May 20, 2015 at 5:56 AM, Sean Turner <turners@ieca.com> wrote:

> On May 07, 2015, at 09:46, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>
> > On 7 May 2015 at 02:38, Ted Hardie <ted.ietf@gmail.com> wrote:
> >> I am not chair with the particularly good position to collect feedback,
> but
> >> I happen to know he's flying today.  My understanding of the current
> theory
> >> is that we ask TLS what cipher suites and version numbers to mandate;
> if we
> >> had a strong reason to disagree, we would need to document why we went
> with
> >> something other than what they suggested.
> >>
> >> He-who-is-in-the-air may tell me I've got it wrong, of course.
> >
> > Sounds good, perhaps we should ask he-who-will-eventually-land to pass
> > on the question, unless we both are wrong.
>
> On it - albeit a little late. It’s worth noting that the UTA BCP195 (RFC
> 7525) (Recommendations for Secure Use of Transport Layer Security (TLS) and
> Datagram Transport Layer Security (DTLS)) was recently published and
> recommends this set of algorithms:
>
>    o  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>    o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>    o  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>    o  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>
> I also admit that I prefer ECDSA, primarily for smaller certs for
> comparable security, but acknowledge Martin’s point about the cert
> management APIs.
>

I'd also like to see ECDSA mandated, since it is much more friendly for
low-power devices.