[TLS] Remove signature algorithm from the cipher suite

Kyle Rose <krose@krose.org> Wed, 22 July 2015 14:30 UTC

Return-Path: <krose@krose.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8161B2B39 for <tls@ietfa.amsl.com>; Wed, 22 Jul 2015 07:30:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ugo-Y4X3p6CI for <tls@ietfa.amsl.com>; Wed, 22 Jul 2015 07:30:25 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D0801A802A for <tls@ietf.org>; Wed, 22 Jul 2015 07:30:25 -0700 (PDT)
Received: by wibxm9 with SMTP id xm9so105405680wib.1 for <tls@ietf.org>; Wed, 22 Jul 2015 07:30:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:date:message-id:subject:from:to:content-type; bh=dkag3yTxcYhOPoiuDTaXQ9Iged9G8g3OlmS7AU+UQqk=; b=dDZ1w/Mj2OsS7dzIBI5svy5I8sH3epM2clL2cXlugdBQpXST2nvHDh2gLuExBR+WPO rjCG+7xBSBG+CKOXROgqZKFmsjY4HyqztVckK8MunLQBBp55HSAtF9Pb8hDRuuoQnovm mboHBhBa5O+qu4EKNTzSCQuT46VHYH7bIDkPo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=dkag3yTxcYhOPoiuDTaXQ9Iged9G8g3OlmS7AU+UQqk=; b=Qe+GWUDvglj9azfa6VwcauGcDqWBv5aSh5iuUL3iWa4pvlfvOxnMy3uRzbwtFXgbFc kVqZPouHtEwrKISEEj9RFf4xcgUCqmg+HPOvnFETBnvjSxPOA6B+ZtYtPlt4sUg/r7jY idlKld7eNzQZQiITUJWHHPgTg0XcMtrPICM7Lx2W9YwMNVXZZvJ8/O3OR2CEcSCiNHPH U2AWpkMWTutm+GAhEpDNqmczSFdwV/5XiVHiB8mDdIOE1menXdqr8rcULrcoGiGIk68v utBqnTZcjHdspWTA6Melt2MMOc5ogPrKSY6WvlWKzGjn+lAfQ6O47JIlvytKimmE88WI Mhjg==
X-Gm-Message-State: ALoCoQlrzzFjlNpv9Q5GEl67iBXM13w0WjPHWMkkROGqIrrPra1u6vPzSm2KrxZb9UG5iyfd6TAR
MIME-Version: 1.0
X-Received: by 10.194.185.8 with SMTP id ey8mr5750375wjc.118.1437575424107; Wed, 22 Jul 2015 07:30:24 -0700 (PDT)
Received: by 10.28.88.66 with HTTP; Wed, 22 Jul 2015 07:30:24 -0700 (PDT)
X-Originating-IP: [31.30.2.53]
Date: Wed, 22 Jul 2015 10:30:24 -0400
Message-ID: <CAJU8_nXOTBTX+zLBH6a=dr2oxWUn_Wf9p13WHZiQt=38js2ijg@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/3cFC2ZjeU2VL-puO5IoHX89NM2E>
Subject: [TLS] Remove signature algorithm from the cipher suite
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 14:30:27 -0000

How about removing the RSA/ECDSA from the cipher suite, and making the
SigAlgs extension mandatory for connections requiring authentication?
That halves the number of cipher suites and eliminates an unnecessary
redundancy, while keeping the rest of the cipher suite negotiation
logic intact.

Kyle