Re: [TLS] I-D Action: draft-ietf-tls-deprecate-obsolete-kex-03.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 22 September 2023 06:08 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Thomas Fossati <thomas.fossati@linaro.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] I-D Action: draft-ietf-tls-deprecate-obsolete-kex-03.txt
Thread-Index: AQHZ7GTHb2GmaIwfs0SR7mA0VH0CcbAlY3aAgAD59+8=
Date: Fri, 22 Sep 2023 06:08:17 +0000
Message-ID: <SY4PR01MB62516C1C9ACF8DFF8E22DCCAEEFFA@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <169528449088.13369.15448586382120882786@ietfa.amsl.com> <CA+1=6yeGfdLbAYPuvGthJE2YFdcTUNdnYVg+NJrmpeSE1UK_Qg@mail.gmail.com>
In-Reply-To: <CA+1=6yeGfdLbAYPuvGthJE2YFdcTUNdnYVg+NJrmpeSE1UK_Qg@mail.gmail.com>
Accept-Language: en-NZ, en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3X2pkdGfNpcIg_HqrFW7HPzNrUY>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

This draft still has the same problem that's been pointed out previously:

   Clients MUST NOT offer and servers MUST NOT select FFDHE cipher
   suites in TLS 1.2 connections.

What this means is that if the implementation doesn't support ECC, as some do,
then it's in effect saying:

  Clients and servers MUST use RSA cipher suites.

Some people may actually read a bit further and see the MUST NOT RSA, but
that's just as non-useful because now it's saying you can't do TLS at all.  So
it needs to say:

   Unless ECC suites are not available, [Clients MUST NOT ...].

Or just something that doesn't end up being MUST RSA as it's currently being
interpreted.

I'd also go further and say that since FFDHE is allowed in TLS 1.3 it's also
safe with EMS or LTS in effect, so it should really be:

   Clients and servers that do not support TLS-EMS or TLS-LTS MUST NOT offer
   and servers MUST NOT select FFDHE cipher suites in TLS 1.2 connections.

Peter.
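The reading problem Peter describes, as an added example that is not part of the original message or of the draft: a small policy evaluator that classifies TLS 1.2 cipher suites by key exchange from their IANA names and then applies four rules, the FFDHE clause quoted above on its own, the draft as Peter summarises it (FFDHE and RSA key exchange both banned), the "unless ECC suites are not available" wording, and the EMS/LTS carve-out. The rule names, the `Capabilities` record and the suite list are constructed for this example; the "MUST NOT RSA" and the EMS/LTS behaviour are modelled as the message describes them, not from the draft text itself.

```python
"""Which TLS 1.2 cipher suites may an implementation offer under a given
key-exchange deprecation rule?  Constructed example; rule names are local."""
from dataclasses import dataclass
import re

# Key-exchange class comes from the token(s) between "TLS_" and "_WITH_"
# in the IANA cipher-suite name, e.g. TLS_ECDHE_RSA_WITH_... -> "ECDHE_RSA".
_KEX_RE = re.compile(r"^TLS_(?P<kex>[A-Za-z0-9_]+?)_WITH_")


def kex_class(suite: str) -> str:
    """Map a suite name to 'ECDHE', 'FFDHE', 'RSA' (static RSA kex) or 'OTHER'."""
    m = _KEX_RE.match(suite)
    if not m:
        raise ValueError(f"not a TLS_*_WITH_* suite name: {suite}")
    kex = m.group("kex")
    if kex.startswith("ECDHE_"):
        return "ECDHE"
    if kex.startswith("DHE_") or kex.startswith("DH_"):
        return "FFDHE"          # covers DHE_RSA, DHE_DSS, DH_anon, ...
    if kex == "RSA":
        return "RSA"            # RSA key transport, not RSA-signed (EC)DHE
    return "OTHER"              # PSK, SRP, NULL, RSA_PSK, ... out of scope here


@dataclass(frozen=True)
class Capabilities:
    ecc: bool           # implements elliptic-curve key exchange at all
    ems: bool = False   # implements Extended Master Secret (RFC 7627)
    lts: bool = False   # implements TLS-LTS, as named in the message


# Hypothetical rule identifiers used only by this example:
#   ffdhe-clause   : only the quoted sentence (no FFDHE), nothing said about RSA
#   full-draft     : no FFDHE and no RSA key exchange (the "MUST NOT RSA")
#   unless-no-ecc  : FFDHE banned only when ECC suites are available; no RSA
#   unless-ems-lts : FFDHE banned only for peers without EMS or LTS; no RSA
RULES = ("ffdhe-clause", "full-draft", "unless-no-ecc", "unless-ems-lts")


def ffdhe_banned(caps: Capabilities, rule: str) -> bool:
    if rule in ("ffdhe-clause", "full-draft"):
        return True
    if rule == "unless-no-ecc":
        return caps.ecc
    if rule == "unless-ems-lts":
        return not (caps.ems or caps.lts)
    raise ValueError(f"unknown rule: {rule}")


def offerable(suites, caps: Capabilities, rule: str) -> list:
    """Suites an implementation with `caps` may still offer under `rule`."""
    if rule not in RULES:
        raise ValueError(f"unknown rule: {rule}")
    offered = []
    for suite in suites:
        k = kex_class(suite)
        if k == "OTHER" or (k == "ECDHE" and not caps.ecc):
            continue            # cannot offer what is not implemented
        if k == "RSA" and rule != "ffdhe-clause":
            continue            # the "MUST NOT RSA" further down in the draft
        if k == "FFDHE" and ffdhe_banned(caps, rule):
            continue
        offered.append(suite)
    return offered


# Constructed suite list of real IANA names, one per key-exchange class.
SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_PSK_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for caps in (Capabilities(ecc=True), Capabilities(ecc=False),
                 Capabilities(ecc=False, ems=True)):
        for rule in RULES:
            print(f"{caps} / {rule:15}: {offerable(SUITES, caps, rule)}")
```

Running it shows the point of the message directly: an implementation without ECC is left with only `TLS_RSA_*` under the quoted clause alone, with an empty list once the RSA prohibition is read as well, and with the DHE suites back under either of the two suggested wordings (for the EMS/LTS variant, only if it actually implements EMS or LTS).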