Re: [TLS] Ala Carte Cipher suites - was: DSA should die
Brian Smith <brian@briansmith.org> Tue, 07 April 2015 06:09 UTC
Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 539971B31E6 for <tls@ietfa.amsl.com>; Mon, 6 Apr 2015 23:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2R3KmT3HT8p for <tls@ietfa.amsl.com>; Mon, 6 Apr 2015 23:09:09 -0700 (PDT)
Received: from mail-vn0-f49.google.com (mail-vn0-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C10871B31E5 for <tls@ietf.org>; Mon, 6 Apr 2015 23:09:08 -0700 (PDT)
Received: by vnbg129 with SMTP id g129so7372756vnb.4 for <tls@ietf.org>; Mon, 06 Apr 2015 23:09:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Jbn1804+2LnBeSXeGHZEctz7tR94WAT0jwn7mURXVI0=; b=jCMH87XNMyT2izrxfNh/gpjsBwGAx5p5fZylYVbgDt0GW5ghIGNRIWPQwL68VcnCDw zQrHsyqd/JZ4uo4BnxhoVZjYWQlZ5c14t0My+32d7M33hRIMYYWjfLNnEhzl7dYxDIEP IQ7Ciut7VeI3BsfxnAYnEKNU8ZEn/p92s9KNdSjs9klYoXzrW9MxG0QA1kXwxTjYh2m9 ems9KSVoCl3vF7Yqyplb/WBqIkTyxyRza0Or55V+n2KcbgqKeVKeqwa7XnKZZF6HkFAj 76KOuxbMqFtg69KZ6+b7D5k74J0N87AtqsYCaa1kwoGH74jMFluyfSKc99NXP55DF/KB a0sw==
X-Gm-Message-State: ALoCoQmzciflVzrlG799rIlNAi2M1Ky09pnIaVoFg3AM8VgAOLeqVdYFghpQTmLGctjYUrLpPsU8
MIME-Version: 1.0
X-Received: by 10.60.82.10 with SMTP id e10mr23366824oey.85.1428386947909; Mon, 06 Apr 2015 23:09:07 -0700 (PDT)
Received: by 10.76.20.146 with HTTP; Mon, 6 Apr 2015 23:09:07 -0700 (PDT)
In-Reply-To: <CAHOTMV+j2VECFme_iizE_9UnPfebSGETnfx0Cwv7BZQ-Oc902w@mail.gmail.com>
References: <20150401201221.163745c2@pc1.fritz.box> <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <54c69c7ac7074ba8a2e71734843bf106@ustx2ex-dag1mb2.msg.corp.akamai.com> <CAHOTMV+j2VECFme_iizE_9UnPfebSGETnfx0Cwv7BZQ-Oc902w@mail.gmail.com>
Date: Mon, 06 Apr 2015 20:09:07 -1000
Message-ID: <CAFewVt4OB1fHEytDnrnWgZfpwoLxTqjNFs1bK2LputxAmz8p+w@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Tony Arcieri <bascule@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2jyVhQAVRyX-8QGrBDFAt0dnbWY>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2015 06:09:11 -0000
Tony Arcieri <bascule@gmail.com> wrote: > On Sat, Apr 4, 2015 at 4:55 PM, Salz, Rich <rsalz@akamai.com> wrote: >> >> > Please don't change the syntax for negotiating cipher suites. >> >> +1, for the reasons Brian said. > > Looks like the opinion of TLS implementers is this far unanimously against > this proposal. I would like to give the counterpoint from a TLS user > perspective. > > I am more or less in charge of the ciphersuite selection for a large web > site with a lot of users. I find the present means of describing > ciphersuites to TLS stacks to be difficult at best. As myself and many > others have described, we're essentially being asked to compute the > combinatorial explosion of different ciphersuite configurations by hand. As far as I understand, that problem doesn't have much to do with the syntax of cipher suites in the ClientHello, because that problem is about describing to your web server software which cipher suites to enable on the server. > Guess what happens when you do that? People make mistakes. I think the TLS > libraries should have an easier-to-use configuration format that computes > things for me so I don't have to. I understand why TLS implementers are > reluctant to provide that. It's more work for them. But so far none of them > have said why this is qualitatively bad. That can be done already today, without any protocol changes, and without any TLS library changes (at least as far as OpenSSL is concerned). Somebody just needs to write the code to do it. > Seems like a huge win to me. So what's the problem from an implementer > perspective besides "it'd be hard"? The client doesn't always (ever?) want to enable the entire set of (key exchange algorithm * authentication algorithm * encryption algorithm * integrity algorithm) combinations, so a syntax that only allows the client to describe cipher suites by the individual components is too limiting. More generally, an "a la cart" syntax automates the enabling of lots of cipher suites. But, how is enabling lots of cipher suites a good thing? it seems like a bad idea, in general, to me. If we had a need to have clients enable a whole lot more cipher suites, such that the size of the ClientHello would become really large with the current syntax, then that would be a reason to consider a new syntax. But, it seems that when we consider that the old syntax has to be supported for backward compatibility with TLS 1.2 and below, it seems like the set of new cipher suites to enable would have to be quite large before we would enjoy any positive space savings from doing that. Thus, the idea seems counterproductive even considering the area where it would be most likely to help. Finally, there is a lot of value to getting TLS 1.3 done in a reasonable time frame. Cutting unnecessary or counterproductive changes accelerates the schedule while giving us more time to solve more important problems. Cheers, Brian
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Dave Garrett
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir