Re: [rtcweb] Open Security issue: Crypto algorithms

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Tue, 26 May 2015 20:33 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0E5B1B313F for <rtcweb@ietfa.amsl.com>; Tue, 26 May 2015 13:33:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -114.511
X-Spam-Level:
X-Spam-Status: No, score=-114.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IslmqoEoeHqv for <rtcweb@ietfa.amsl.com>; Tue, 26 May 2015 13:33:37 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B3901B3138 for <rtcweb@ietf.org>; Tue, 26 May 2015 13:33:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=896; q=dns/txt; s=iport; t=1432672417; x=1433882017; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Z80ndV/MZqVG81V9c74IGp1ezxWCSKYRJylHsCnNieA=; b=FGxb2h7OHa7Pg99xSdMQ9Ac1hpTyz1i1EMRVUwT8fRwAAuV/GdQRhFww m1OhMyo6hsU4IA3tbN7opEsdNr6hsYUSZco4fc+8IqZ0u/VsgOZOTnH/3 Rku7K39K/JrAbmsBYkIa0s5dszw9U9LHCLNkEeuCQCtyx7TqLg7r8DIn8 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ANBQBY2GRV/4cNJK1cgxCBMgbLBAKBSUwBAQEBAQGBC4QiAQEBAwE6PwULAgEIGB4QIRElAgQBDQWIFwMKCMYdDYRwAQEBAQEBAQEBAQEBAQEBAQEBAQEBF4s6gk2BaRwzB4MXgRYBBJMIiTaBWZAshwMjg3hvgUaBAQEBAQ
X-IronPort-AV: E=Sophos;i="5.13,501,1427760000"; d="scan'208";a="422767864"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-5.cisco.com with ESMTP; 26 May 2015 20:33:21 +0000
Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t4QKXLSO017871 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 26 May 2015 20:33:21 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.147]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.03.0195.001; Tue, 26 May 2015 15:33:21 -0500
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Martin Thomson <martin.thomson@gmail.com>, Justin Uberti <juberti@google.com>
Thread-Topic: [rtcweb] Open Security issue: Crypto algorithms
Thread-Index: AQHQl/M0tKGTckfL50yoPV3DPTsARQ==
Date: Tue, 26 May 2015 20:33:20 +0000
Message-ID: <B46B97CD-FEE1-4017-AA8B-785D089CF378@cisco.com>
References: <5549E480.4030806@alvestrand.no> <CABkgnnUquwQVo+RO=96UVBVuJ-EhZQzsCA6vV7LBbEpCiGS=bQ@mail.gmail.com> <CA+9kkMAOu28ZmBPv2vPjU5EQsGF2isgMuw_KUKKroJ-P3Fn_LA@mail.gmail.com> <CABkgnnVZvNTeFfSv09PuKEOFXZAM5dmjpp3Gg7SOuhXVG8QR9Q@mail.gmail.com> <0FEF3981-063C-450C-9E6A-685696B4F5E0@ieca.com> <CAOJ7v-3TLbRZpQW1qjZAHwj58dKCxeHtqrgDdwA-jYwe6vQSYw@mail.gmail.com> <CABkgnnXa=i_p4b+3nrw8e+87U4X9Nhnj852DhSp0Ti8XM1-dPQ@mail.gmail.com>
In-Reply-To: <CABkgnnXa=i_p4b+3nrw8e+87U4X9Nhnj852DhSp0Ti8XM1-dPQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.249.165]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <62C9A9230634CC40B08B73BA24FE98E9@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/zNC9Qj8JHOLgeLypkvfwjubHakY>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Open Security issue: Crypto algorithms
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2015 20:33:38 -0000

> On May 21, 2015, at 11:03 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 21 May 2015 at 09:39, Justin Uberti <juberti@google.com> wrote:
>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 
> This would be my preference for a MUST.

I looked into the issue with backwards compatibility with gateways / servers. It seems that most of the stuff I could find claimed Suite B compliance or was based on a recent version of OpenSSL - either way, I'm not seeing a problem with making TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MTI.

I agree it has an advantage for low-power stuff. I think the IoT people that want to use the WebRTC data channel would be much happier with no RSA (or to put it a bit more concretely, I doubt they will put both EC and RSA on very small stuff regardless of what our specs require, and they seem to be mostly going EC, not RSA).
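The practical question behind the thread is whether a given endpoint actually offers the suite that ends up as MTI, and whether a configuration that only carries ECDHE-RSA suites (the case where an implementer skipped ECDSA) would fail that check. The following is an added example, not code from the message or from any WebRTC implementation: it maps the two IANA suite names discussed above to their registry code points (0xC02B and 0xC02F), builds an OpenSSL-backed context with a chosen cipher string, and checks which required suites are missing. It assumes Python's `ssl` module on a normal OpenSSL build; Python's `ssl` speaks TLS rather than DTLS, but DTLS-SRTP uses the same cipher-suite code points, so the check on a TLS context is the same check an implementer would make on a DTLS stack.

```python
import ssl

# IANA TLS Cipher Suite Registry code points for the two suites debated
# in the thread (constants taken from the registry, not from the message).
IANA_CODE_POINTS = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0xC02B,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,
}

# The suite the thread is converging on as mandatory-to-implement.
MTI_SUITE = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"


def make_context(cipher_string):
    """Build a client context restricted to an OpenSSL cipher string.

    The cipher string uses OpenSSL names (e.g. ECDHE-ECDSA-AES128-GCM-SHA256),
    not IANA names; the code-point check below is what bridges the two.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return ctx


def offered_code_points(ctx):
    """Return the 16-bit IANA code points the context will offer.

    OpenSSL reports each suite id as 0x0300XXXX (TLS 1.x version prefix
    plus the two-byte suite id); masking to the low 16 bits yields the
    value that appears on the wire and in the IANA registry.
    """
    return {entry["id"] & 0xFFFF for entry in ctx.get_ciphers()}


def offers_suite(ctx, iana_name):
    """True if the context offers the suite with the given IANA name."""
    return IANA_CODE_POINTS[iana_name] in offered_code_points(ctx)


def missing_required(ctx, required=(MTI_SUITE,)):
    """List the required IANA suite names the context does not offer."""
    offered = offered_code_points(ctx)
    return [name for name in required if IANA_CODE_POINTS[name] not in offered]


def mti_report(cipher_string):
    """Summarise a cipher string against the MTI requirement.

    Returns (mti_ok, missing) so a deployment check can fail closed when
    the MTI suite is absent, which is exactly the RSA-only case the
    thread worries about for gateways and constrained devices.
    """
    ctx = make_context(cipher_string)
    missing = missing_required(ctx)
    return (not missing, missing)


if __name__ == "__main__":
    # Constructed sample configurations: one that carries both suites,
    # one that an RSA-only endpoint might ship.
    for label, ciphers in (
        ("ecdsa+rsa", "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"),
        ("rsa-only", "ECDHE-RSA-AES128-GCM-SHA256"),
    ):
        ok, missing = mti_report(ciphers)
        print(f"{label}: MTI ok={ok} missing={missing}")
```

Note that offering the suite is necessary but not sufficient: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 can only be negotiated by an endpoint whose certificate carries an ECDSA key, so an RSA-certificate deployment that merely enables the suite in its cipher string still cannot complete a handshake with it. The check above catches the configuration gap; the certificate type has to be checked separately.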