Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Aaron Zauner <azet@azet.org> Sat, 04 April 2015 04:52 UTC

Message-ID: <551F6E22.1040207@azet.org>
Date: Sat, 04 Apr 2015 06:52:50 +0200
From: Aaron Zauner <azet@azet.org>
To: Dave Garrett <davemgarrett@gmail.com>
References: <20150401201221.163745c2@pc1.fritz.box> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <CAHOTMVLohRLPw=WwmEhqVrE91+F_nuM9Z9w0=NtzypN1J0xKoA@mail.gmail.com> <201504032121.07726.davemgarrett@gmail.com>
In-Reply-To: <201504032121.07726.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0MxDpVASb3F5v9kqeg-mvfXAB0U>
Cc: tls@ietf.org

Hi,

Dave Garrett wrote:
> (by the way, do we really want plain PSK?)

Added the PSK ciphersuites after lengthy discussion with Nikos and Peter
Gutmann; they assure me it's of importance to the embedded world.


> Just splitting it into only two parts would avoid the risk of support holes you'd get with the full a la carte route.
> 
> There's plenty of space in the registry to keep adding piles and piles of variations for each suite, but I have seen actual instances where a server and client actually do support the same handshake and connection ciphers in TLS 1.2, but don't negotiate it because the specific combination isn't listed. The current system does lead to some support holes as-is.
> 

I actually really like the idea. But there are a couple of open questions
about that: What happens to existing ciphersuites? And given we switch to
a model of asymmetric and symmetric ciphersuites, (how) do we document all
the implicit ciphersuites that are defined once a new symmetric or
asymmetric algorithm is defined?

Aaron
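The "support hole" Dave describes, and the implicit-suite question Aaron raises, shown on constructed offer lists. This is an added illustration, not code from the thread, the TLS WG, or any TLS implementation. The suite names are real IANA TLS 1.2 cipher suite names; the client and server offer lists, and the simple server-preference selection rule, are assumptions made for the example.

```python
from itertools import product

# Constructed offer lists (not taken from the thread). Both peers support
# ECDHE_RSA, ECDHE_ECDSA and both AES-GCM record algorithms, yet no single
# monolithic suite name appears on both lists.
CLIENT_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]
SERVER_SUITES = [  # in server preference order
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]


def split_suite(name):
    """Split a monolithic suite name into its handshake part (key exchange +
    authentication) and its record part (cipher + MAC/PRF hash), e.g.
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> ("ECDHE_RSA", "AES_128_GCM_SHA256").
    """
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS_<kx>_WITH_<cipher> suite name: " + name)
    kx, sym = name[len("TLS_"):].split("_WITH_", 1)
    return kx, sym


def _ordered_unique(items):
    """Deduplicate while keeping first-seen order (preference order matters)."""
    seen = set()
    out = []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def negotiate_monolithic(client, server):
    """TLS 1.2 as deployed: the server picks the first suite in its own
    preference order that the client also offered; None means handshake_failure."""
    offered = set(client)
    for suite in server:
        if suite in offered:
            return suite
    return None


def negotiate_split(client, server):
    """A la carte negotiation as proposed in the thread (assumed selection rule):
    the handshake algorithm and the record algorithm are negotiated independently,
    each by server preference. Returns (kx, sym), or None if either part has no
    overlap."""
    client_kx = {split_suite(s)[0] for s in client}
    client_sym = {split_suite(s)[1] for s in client}
    server_kx = _ordered_unique(split_suite(s)[0] for s in server)
    server_sym = _ordered_unique(split_suite(s)[1] for s in server)
    kx = next((k for k in server_kx if k in client_kx), None)
    sym = next((c for c in server_sym if c in client_sym), None)
    if kx is None or sym is None:
        return None
    return kx, sym


def implied_suites(kx_algs, sym_algs):
    """Every monolithic suite a split registry defines implicitly: the Cartesian
    product of the registered handshake and record algorithms. Registering one
    new record algorithm therefore creates len(kx_algs) new suites at once."""
    return ["TLS_%s_WITH_%s" % (kx, sym) for kx, sym in product(kx_algs, sym_algs)]


if __name__ == "__main__":
    print("monolithic:", negotiate_monolithic(CLIENT_SUITES, SERVER_SUITES))
    print("split:     ", negotiate_split(CLIENT_SUITES, SERVER_SUITES))
    kx = ["ECDHE_ECDSA", "ECDHE_RSA", "DHE_RSA"]
    sym = ["AES_128_GCM_SHA256", "AES_256_GCM_SHA384", "CHACHA20_POLY1305_SHA256"]
    for suite in implied_suites(kx, sym):
        print(suite)
```

With these lists the monolithic negotiation fails even though both sides implement every component involved, while the split negotiation yields ECDHE_RSA with AES_128_GCM_SHA256. The product in `implied_suites` is also the crux of the documentation question: a split model has to state which combinations are actually valid (for instance, which PRF hash goes with which AEAD), since the registry no longer enumerates them one by one.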