Re: [TLS] Call for consensus to remove anonymous DH
Nico Williams <nico@cryptonector.com> Wed, 16 September 2015 22:55 UTC
Date: Wed, 16 Sep 2015 17:55:02 -0500
From: Nico Williams <nico@cryptonector.com>
To: Brian Smith <brian@briansmith.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AB3xFQ5k5wPCpTFXBEuwbmHLP3g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for consensus to remove anonymous DH

On Wed, Sep 16, 2015 at 02:25:52PM -0700, Brian Smith wrote:
> On Wed, Sep 16, 2015 at 2:05 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> > In addition, they are already part of TLS, so the question would be if we
> > have consensus to remove them....
> >
>
> This thread is about the removal of DH_anon_*, not about raw public keys.

Yes, but you implied that you might not support keeping raw public keys.

I'm not in favor of removing the anon cipher suites if we also remove
raw public key support. This is important. I don't want the cost of
doing anon with TLS to escalate piecemeal. All cards on the table
please.

Nico
--