Re: [TLS] Mail regarding draft-ietf-tls-tls13

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 19 June 2018 17:07 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 576AD13118F for <tls@ietfa.amsl.com>; Tue, 19 Jun 2018 10:07:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jdw8soov4job for <tls@ietfa.amsl.com>; Tue, 19 Jun 2018 10:07:18 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B94EA131185 for <tls@ietf.org>; Tue, 19 Jun 2018 10:07:18 -0700 (PDT)
Received: from [192.168.1.161] (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id DE7387A3309; Tue, 19 Jun 2018 17:07:17 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <BN7PR14MB2356778AD43FDB1ED5F229D591700@BN7PR14MB2356.namprd14.prod.outlook.com>
Date: Tue, 19 Jun 2018 13:07:17 -0400
Cc: TLS WG <tls@ietf.org>
Reply-To: TLS WG <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B3358762-851E-451A-8E05-206FA932DB01@dukhovni.org>
References: <BN7PR14MB23560D791932A8CB164C592D917F0@BN7PR14MB2356.namprd14.prod.outlook.com> <897AC345-0832-4252-9D96-5A030CBEAD25@dukhovni.org> <cc5fe1d8-b065-4f30-8b76-57714aea1949@iongroup.com> <7D370F20-3C5C-4347-9EA3-3F0F61458377@dukhovni.org> <5fdded19-da5c-4d23-a0e3-e4e9e905f7aa@iongroup.com> <085E5CF6-0879-48DE-A8C5-A3C8F5C48F86@akamai.com> <BN7PR14MB2356778AD43FDB1ED5F229D591700@BN7PR14MB2356.namprd14.prod.outlook.com>
To: Ben Personick <ben.personick@iongroup.com>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0DUslGIT-nXRDySyORs846vhY3c>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 17:07:21 -0000


> On Jun 19, 2018, at 11:17 AM, Ben Personick <ben.personick@iongroup.com>; wrote:
> 
>   Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d been lead to believe that all RSA based ciphers were not supported.
>  
>  Having seem some further responses, it appears it is only the NON ECDHE RSA Based ciphers which are having support dropped in TLS 1.3

I may have been too cryptic.  When I wrote (EC)DHE I meant both DHE and ECDHE.
However, some (early) implementations may only support ECDHE with TLS 1.3.
IIRC, OpenSSL 1.1.1 does not yet support the TLS 1.3 DHE groups.  So
interoperability if you only support DHE may be problematic.

-- 
	Viktor.