IETF Logo Mail Archive

Re: [TLS] DSA support in TLS 1.3.

"Dang, Quynh" <quynh.dang@nist.gov> Fri, 04 September 2015 10:56 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9800D1B2F1F for <tls@ietfa.amsl.com>; Fri, 4 Sep 2015 03:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mp8bH91i2jkC for <tls@ietfa.amsl.com>; Fri, 4 Sep 2015 03:56:21 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0103.outbound.protection.outlook.com [207.46.100.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBFE21A6F32 for <tls@ietf.org>; Fri, 4 Sep 2015 03:56:20 -0700 (PDT)
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB121.namprd09.prod.outlook.com (10.255.200.145) with Microsoft SMTP Server (TLS) id 15.1.256.15; Fri, 4 Sep 2015 10:56:19 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0256.013; Fri, 4 Sep 2015 10:56:19 +0000
From: "Dang, Quynh" <quynh.dang@nist.gov>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] DSA support in TLS 1.3.
Thread-Index: AQHQ4cVbMAx36sLx1k+2fYH++EoGO54h0boAgABkLwCAABjvgIAFOuIAgABHdYCAAB83AIAAAhCAgAAIYYCAAAFAgIABj+gAgAKvxdo=
Date: Fri, 04 Sep 2015 10:56:19 +0000
Message-ID: <BN1PR09MB124FF47D9F836DFB70F692FF3570@BN1PR09MB124.namprd09.prod.outlook.com>
References: <BN1PR09MB124C4A9CEF8EAA293190CD8F36E0@BN1PR09MB124.namprd09.prod.outlook.com> <201509011316.43474.davemgarrett@gmail.com> <CAH8yC8=6Kydaeq-m3NZG4wwiR9R4L7sjA_cgZZJALORcnGyidA@mail.gmail.com> <201509011354.05844.davemgarrett@gmail.com> <461fd59027bd4103a0bd935e5f768b3d@ustx2ex-dag1mb2.msg.corp.akamai.com>, <20150902174952.GA10297@LK-Perkele-VII>
In-Reply-To: <20150902174952.GA10297@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-originating-ip: [129.6.218.140]
x-microsoft-exchange-diagnostics: 1; BN1PR09MB121; 5:Mw1J0OSOK3uoR9KOb95ubZ9S/jPkf5r/8NXNcZSnBpncNJTD4zkewyOKfrsiAoPvn8u59mdPsU+TsdgQvQ3XNnumntrWsMN4OEY4YJlhA7sg/ldTlJ8kh4mXjgEFSrPF4nmDEK+N2A+4q4vWWsEr7g==; 24:v6JoxDJG1ys6iEoe2YrtFIxxedsHvq3KrqcitYHgVIRTzgm3krXBM9VTNNccSNNl/lKTssZ8fQlOWoA7SBqZhsnnvO5XxwYfDvT9u4+wQVk=; 20:fVv1igCoc3OdjFoHgNOSfbcv9uKyV9eYqohLwiTgNaRsO0MjNuUPOWst+PfueVdBrhoipkc0iEWyj0HUci744w==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB121;
x-microsoft-antispam-prvs: <BN1PR09MB1213F4045B5EF8C1556D91FF3570@BN1PR09MB121.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(8121501046)(3002001); SRVR:BN1PR09MB121; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB121;
x-forefront-prvs: 06891E23FB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(377454003)(24454002)(199003)(87936001)(64706001)(74316001)(62966003)(97736004)(66066001)(2900100001)(86362001)(2950100001)(102836002)(76176999)(54356999)(77096005)(77156002)(46102003)(15975445007)(68736005)(101416001)(50986999)(19580405001)(19580395003)(4001540100001)(99286002)(2501003)(5007970100001)(5003600100002)(106356001)(5004730100002)(81156007)(93886004)(5001860100001)(5002640100001)(106116001)(5001830100001)(189998001)(107886002)(105586002)(10400500002)(92566002)(33656002)(40100003)(5001960100002)(76576001)(5001770100001)(122556002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB121; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2015 10:56:19.0237 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB121
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8PCJSXCl2JJ51MBFirXOJKjhteU>
Subject: Re: [TLS] DSA support in TLS 1.3.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2015 10:56:22 -0000

Hi IIari,

>From all of the RFCs about suite B that I have read, DSA has never been a part of it.

RSA can be used for signatures and key wrap/transport.

Quynh. 

________________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Sent: Wednesday, September 2, 2015 1:49 PM
To: Salz, Rich
Cc: tls@ietf.org
Subject: Re: [TLS] DSA support in TLS 1.3.

On Tue, Sep 01, 2015 at 05:58:33PM +0000, Salz, Rich wrote:
> There is a third option:  you don't get to use TLS 1.3 until the
> government requirements are updated.
>
> I'm fine with that.

I think they already have, with NSA seemingly saying RSA3k is OK for
up to TOP SECRET (unless I misunderstood).

The same table from NSA that mentions RSA (and the 3k limit) does
not mention DSA (the only other signature algo is ECDSA with
384 limit).


So maybe even US govt. is not using DSA?


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email