Re: [TLS] DSA support in TLS 1.3.
"Dang, Quynh" <quynh.dang@nist.gov> Fri, 04 September 2015 10:56 UTC
Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9800D1B2F1F for <tls@ietfa.amsl.com>; Fri, 4 Sep 2015 03:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mp8bH91i2jkC for <tls@ietfa.amsl.com>; Fri, 4 Sep 2015 03:56:21 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0103.outbound.protection.outlook.com [207.46.100.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBFE21A6F32 for <tls@ietf.org>; Fri, 4 Sep 2015 03:56:20 -0700 (PDT)
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB121.namprd09.prod.outlook.com (10.255.200.145) with Microsoft SMTP Server (TLS) id 15.1.256.15; Fri, 4 Sep 2015 10:56:19 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0256.013; Fri, 4 Sep 2015 10:56:19 +0000
From: "Dang, Quynh" <quynh.dang@nist.gov>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] DSA support in TLS 1.3.
Thread-Index: AQHQ4cVbMAx36sLx1k+2fYH++EoGO54h0boAgABkLwCAABjvgIAFOuIAgABHdYCAAB83AIAAAhCAgAAIYYCAAAFAgIABj+gAgAKvxdo=
Date: Fri, 04 Sep 2015 10:56:19 +0000
Message-ID: <BN1PR09MB124FF47D9F836DFB70F692FF3570@BN1PR09MB124.namprd09.prod.outlook.com>
References: <BN1PR09MB124C4A9CEF8EAA293190CD8F36E0@BN1PR09MB124.namprd09.prod.outlook.com> <201509011316.43474.davemgarrett@gmail.com> <CAH8yC8=6Kydaeq-m3NZG4wwiR9R4L7sjA_cgZZJALORcnGyidA@mail.gmail.com> <201509011354.05844.davemgarrett@gmail.com> <461fd59027bd4103a0bd935e5f768b3d@ustx2ex-dag1mb2.msg.corp.akamai.com>, <20150902174952.GA10297@LK-Perkele-VII>
In-Reply-To: <20150902174952.GA10297@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-originating-ip: [129.6.218.140]
x-microsoft-exchange-diagnostics: 1; BN1PR09MB121; 5:Mw1J0OSOK3uoR9KOb95ubZ9S/jPkf5r/8NXNcZSnBpncNJTD4zkewyOKfrsiAoPvn8u59mdPsU+TsdgQvQ3XNnumntrWsMN4OEY4YJlhA7sg/ldTlJ8kh4mXjgEFSrPF4nmDEK+N2A+4q4vWWsEr7g==; 24:v6JoxDJG1ys6iEoe2YrtFIxxedsHvq3KrqcitYHgVIRTzgm3krXBM9VTNNccSNNl/lKTssZ8fQlOWoA7SBqZhsnnvO5XxwYfDvT9u4+wQVk=; 20:fVv1igCoc3OdjFoHgNOSfbcv9uKyV9eYqohLwiTgNaRsO0MjNuUPOWst+PfueVdBrhoipkc0iEWyj0HUci744w==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB121;
x-microsoft-antispam-prvs: <BN1PR09MB1213F4045B5EF8C1556D91FF3570@BN1PR09MB121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(8121501046)(3002001); SRVR:BN1PR09MB121; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB121;
x-forefront-prvs: 06891E23FB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(377454003)(24454002)(199003)(87936001)(64706001)(74316001)(62966003)(97736004)(66066001)(2900100001)(86362001)(2950100001)(102836002)(76176999)(54356999)(77096005)(77156002)(46102003)(15975445007)(68736005)(101416001)(50986999)(19580405001)(19580395003)(4001540100001)(99286002)(2501003)(5007970100001)(5003600100002)(106356001)(5004730100002)(81156007)(93886004)(5001860100001)(5002640100001)(106116001)(5001830100001)(189998001)(107886002)(105586002)(10400500002)(92566002)(33656002)(40100003)(5001960100002)(76576001)(5001770100001)(122556002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB121; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2015 10:56:19.0237 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB121
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8PCJSXCl2JJ51MBFirXOJKjhteU>
Subject: Re: [TLS] DSA support in TLS 1.3.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2015 10:56:22 -0000
Hi IIari, >From all of the RFCs about suite B that I have read, DSA has never been a part of it. RSA can be used for signatures and key wrap/transport. Quynh. ________________________________________ From: TLS <tls-bounces@ietf.org> on behalf of Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Sent: Wednesday, September 2, 2015 1:49 PM To: Salz, Rich Cc: tls@ietf.org Subject: Re: [TLS] DSA support in TLS 1.3. On Tue, Sep 01, 2015 at 05:58:33PM +0000, Salz, Rich wrote: > There is a third option: you don't get to use TLS 1.3 until the > government requirements are updated. > > I'm fine with that. I think they already have, with NSA seemingly saying RSA3k is OK for up to TOP SECRET (unless I misunderstood). The same table from NSA that mentions RSA (and the 3k limit) does not mention DSA (the only other signature algo is ECDSA with 384 limit). So maybe even US govt. is not using DSA? -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] DSA support in TLS 1.3. Ilari Liusvaara
- [TLS] DSA support in TLS 1.3. Dang, Quynh
- Re: [TLS] DSA support in TLS 1.3. Sean Turner
- Re: [TLS] DSA support in TLS 1.3. Hanno Böck
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Viktor Dukhovni
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Jacob Appelbaum
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Jeffrey Walton
- Re: [TLS] DSA support in TLS 1.3. Geoffrey Keating
- Re: [TLS] DSA support in TLS 1.3. Ronald del Rosario
- Re: [TLS] DSA support in TLS 1.3. Dang, Quynh
- Re: [TLS] DSA support in TLS 1.3. Hanno Böck
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Robert Relyea
- Re: [TLS] DSA support in TLS 1.3. Hubert Kario
- Re: [TLS] DSA support in TLS 1.3. Jeffrey Walton
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Jeffrey Walton
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Salz, Rich
- Re: [TLS] DSA support in TLS 1.3. Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Jeffrey Walton
- Re: [TLS] DSA support in TLS 1.3. Dave Garrett
- Re: [TLS] DSA support in TLS 1.3. Watson Ladd
- Re: [TLS] DSA support in TLS 1.3. Blumenthal, Uri -- 0553 -- MITLL
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Blumenthal, Uri -- 0553 -- MITLL
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Jeffrey Walton
- Re: [TLS] DSA support in TLS 1.3. Tony Arcieri
- Re: [TLS] DSA support in TLS 1.3. Ilari Liusvaara
- Re: [TLS] DSA support in TLS 1.3. Dang, Quynh