Re: [TLS] Call for consensus to remove anonymous DH

Nico Williams <nico@cryptonector.com> Wed, 16 September 2015 23:23 UTC

Date: Wed, 16 Sep 2015 18:23:34 -0500
From: Nico Williams <nico@cryptonector.com>
To: Dave Garrett <davemgarrett@gmail.com>
Message-ID: <20150916232333.GT13294@localhost>
References: <CAOgPGoBT9C=pWebXShqxhbOsnqK+OZe=-n-SvZ_pH-dAtRaWXQ@mail.gmail.com> <CAFewVt64QphK5=WtAZhN8A7uhjmMZ1wc0nLOKvS8sgTRwY_vkg@mail.gmail.com> <20150916225501.GR13294@localhost> <201509161907.32297.davemgarrett@gmail.com>
In-Reply-To: <201509161907.32297.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0puH_H9__qcJjqKyB9xpJB-oJ9k>
Cc: tls@ietf.org

On Wed, Sep 16, 2015 at 07:07:31PM -0400, Dave Garrett wrote:
> This appears to just be a miscommunication.

It is not.

> The current poll is to remove anon ciphers in favor of raw public
> keys. We're not considering removing raw public keys, as far as I
> know, and I think most of us would be against that.

Once more, with feeling.  I would oppose the current proposal if there
was to be a follow-on proposal to remove raw public keys, which I
wouldn't have even thought plausible but for Brian's intimating that he'd
be fine with removing raw public keys.  Otherwise I would be neutral as
to removing anon ciphersuites.

I would also be neutral as to removing raw public keys if anon
ciphersuites are to remain.

Whichever one is removed, I shall oppose the removal of the other.

I.e., these two features are interrelated.  It is difficult to consider
the removal of one without considering the possible removal of the
other.

I leave it at that.

Nico
--