Re: [TLS] Mail regarding draft-ietf-tls-tls13

Viktor Dukhovni <> Mon, 18 June 2018 16:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BCCE3130DF6 for <>; Mon, 18 Jun 2018 09:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nFfRIMPyOZgE for <>; Mon, 18 Jun 2018 09:32:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 34F90130DE0 for <>; Mon, 18 Jun 2018 09:32:56 -0700 (PDT)
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id C3F517A330D; Mon, 18 Jun 2018 16:32:54 +0000 (UTC) (envelope-from
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
From: Viktor Dukhovni <>
In-Reply-To: <>
Date: Mon, 18 Jun 2018 12:32:54 -0400
Cc: TLS WG <>
Reply-To: TLS WG <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <>
To: Ben Personick <>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Jun 2018 16:32:59 -0000

> On Jun 18, 2018, at 9:10 AM, Ben Personick <> wrote:
> There is a common thread circulating, that all support for RSA Certificates/Ciphers are dropped in TLS 1.3.

This is not the case.

> As I wrote in the last email, I am aware we can implemenet ECC certs and ciphers in TLS 1.2, along side RSA certs/ciphers, however there is a consistent fear of breaking what already works by moving onto offering both an ECC and RSA certificate and corrosponding ciphers.

You should at least support verifying ECDSA certificates on the client
side, some servers your client software might connect to may have only
ECDSA certificates.  On the server side you can continue to use RSA
certificates if you wish.  While ECDSA is faster on the server, there
are still some clients (perhaps yours among them) that only support RSA,
and so you'd need to have both RSA and ECDSA certificates, which is
operationally a bit more challenging.