Re: [TLS] Require deterministic ECDSA
Watson Ladd <watsonbladd@gmail.com> Mon, 25 January 2016 20:38 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB001A0196 for <tls@ietfa.amsl.com>; Mon, 25 Jan 2016 12:38:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VKzBHNTTha23 for <tls@ietfa.amsl.com>; Mon, 25 Jan 2016 12:38:31 -0800 (PST)
Received: from mail-yk0-x22a.google.com (mail-yk0-x22a.google.com [IPv6:2607:f8b0:4002:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5715E1A0193 for <tls@ietf.org>; Mon, 25 Jan 2016 12:38:31 -0800 (PST)
Received: by mail-yk0-x22a.google.com with SMTP id k129so176591440yke.0 for <tls@ietf.org>; Mon, 25 Jan 2016 12:38:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0D/sfDT9v3Gjfy6vqRvalfrSF10iVlvIyhay9DdYXmM=; b=AgApdfUH+p/PCpXBeDlBKkeQTj8z5CGvX6mUEPtyOhgj8n74ZH5dmvb6Pjl4ooJtje CVyCWfwsmExHcHWX7/Gq8IXgxLw1L9t4SNwVdze+b1545ti2GjoDytKFCEnCwGTbBfgt BMJslbJvfbME86uV0PG/OBvtoiKlNek8/+uI3gxeNM6xl+5kCQ6UxaxsCI/eHNqarfS7 2Vyvbc5kHkNM0VtF+hdXUhLzcv5LCG5CLD3tTnUm0Iq2+G0b/paAd0DKqHJel8SvHxaU Ic7MAX8NnPM9+rtYFRg0oqjJiJ8Prb3nvkb01uxXOqB269XZa/hM6YSgphEovazecy3u xLNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=0D/sfDT9v3Gjfy6vqRvalfrSF10iVlvIyhay9DdYXmM=; b=MEfUHhv03WTCSpx7dhE4uaNBSgecvlUAT9Ub79jmFAJ4xf/ld7Lh6+3GNXF/NSc3RS K8eckgjmRaMj7JBfTMP7hZjGU5Bq67CrCMhJU0hzATGfU0YQW1AoL+fbjalxStrNbqOQ G27a2U1dF92lv+xCc7cP4f8Ss6XHcPDKaNCWNa2eSxp0Ru6dpvm5X+P/roU30mPNS76B ih9rSJA9FQDa7nPy15YMMWz73OUNfOHfLGTa6w9rtDVl2s9dguVZs6jq5vadeiyB2OCq g8dY/7teCZ3lwfQ01gQxAPW1JT5AgKoQQVsw/rHyAzruFP9tR74lvne7x1B2nsXFDL23 Lf6Q==
X-Gm-Message-State: AG10YORI0MIjfMu7jr4V0BN/wmGJT8KqUNor8vWXjmanRyJ6GM90S4Jdz+gq+YuMnOC9J9508xg/OVZiUC7tig==
MIME-Version: 1.0
X-Received: by 10.129.45.2 with SMTP id t2mr7633554ywt.182.1453754310640; Mon, 25 Jan 2016 12:38:30 -0800 (PST)
Received: by 10.13.216.150 with HTTP; Mon, 25 Jan 2016 12:38:30 -0800 (PST)
In-Reply-To: <b075e5774d104662b4b39c0bca9d9d94@ustx2ex-dag1mb1.msg.corp.akamai.com>
References: <CACaGAp=-xJZN=L3av+DX_WQcki_k=L-_tc5dZnJNtM=M0W8MnQ@mail.gmail.com> <CAGwT64i5v+0xXLzQYFO5JVKs302x6BgZYN+ffYzMVesgbB9biA@mail.gmail.com> <962c1d946dba48bf95d22f0aa5f77c8f@ustx2ex-dag1mb1.msg.corp.akamai.com> <1D8D93F4-7A7C-4875-927E-21E19AB5F942@gmail.com> <CAGwT64ge2RTw2hxzvQTUzYXStSNnb+uS9GcHU0t38VF9Kv+zkQ@mail.gmail.com> <b075e5774d104662b4b39c0bca9d9d94@ustx2ex-dag1mb1.msg.corp.akamai.com>
Date: Mon, 25 Jan 2016 12:38:30 -0800
Message-ID: <CACsn0c=atv-YvrD512MReWudZ-z5z5Pe-9gE3cUQU91jxOp4eA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4LqisxctFHRuJFraccMZGQ-HSAU>
Cc: Joseph Birr-Pixton <jpixton@gmail.com>, Jacob Maskiewicz <jmaskiew@eng.ucsd.edu>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Require deterministic ECDSA
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2016 20:38:33 -0000
On Mon, Jan 25, 2016 at 11:25 AM, Salz, Rich <rsalz@akamai.com> wrote: >> is/should, or they're going to have other problems. > > Really? > > Some high-value device that is rarely connected-to? Like a missle? If you can't generate 256 random bits for use as a DH key or a client random, anyone can read the connection if they know what the random number generator actually produced. If you can produce 256 random bits, and the device maker was halfway competent, they should know how to turn 256 random bits into computationally indistinguishable infinite stream of random bits. If your missile maker was not halfway competent at computer security, I can only hope the guidance engineers were of the same caliber. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Man is born free, but everywhere he is in chains". --Rousseau.
- [TLS] Require deterministic ECDSA Joseph Birr-Pixton
- Re: [TLS] Require deterministic ECDSA Joseph Birr-Pixton
- Re: [TLS] Require deterministic ECDSA Geoffrey Keating
- Re: [TLS] Require deterministic ECDSA Yoav Nir
- Re: [TLS] Require deterministic ECDSA Michael StJohns
- Re: [TLS] Require deterministic ECDSA Michael StJohns
- Re: [TLS] Require deterministic ECDSA Michael StJohns
- Re: [TLS] Require deterministic ECDSA Brian Smith
- Re: [TLS] Require deterministic ECDSA Dave Garrett
- Re: [TLS] Require deterministic ECDSA Yoav Nir
- Re: [TLS] Require deterministic ECDSA Yoav Nir
- Re: [TLS] Require deterministic ECDSA Watson Ladd
- Re: [TLS] Require deterministic ECDSA Filippo Valsorda
- Re: [TLS] Require deterministic ECDSA Michael StJohns
- Re: [TLS] Require deterministic ECDSA Michael StJohns
- [TLS] Fwd: Re: Require deterministic ECDSA Michael StJohns
- Re: [TLS] Require deterministic ECDSA Hubert Kario
- Re: [TLS] Require deterministic ECDSA Jacob Maskiewicz
- Re: [TLS] Require deterministic ECDSA Salz, Rich
- Re: [TLS] Require deterministic ECDSA Adam Langley
- Re: [TLS] Require deterministic ECDSA Yoav Nir
- Re: [TLS] Require deterministic ECDSA Salz, Rich
- Re: [TLS] Require deterministic ECDSA Daniel Kahn Gillmor
- Re: [TLS] Require deterministic ECDSA Joseph Birr-Pixton
- Re: [TLS] Require deterministic ECDSA Watson Ladd
- Re: [TLS] Require deterministic ECDSA Salz, Rich
- Re: [TLS] Require deterministic ECDSA Jacob Maskiewicz
- Re: [TLS] Require deterministic ECDSA Bill Cox
- Re: [TLS] Require deterministic ECDSA Michael StJohns