Re: [TLS] Call for consensus to remove anonymous DH

Nico Williams <nico@cryptonector.com> Wed, 16 September 2015 22:55 UTC


On Wed, Sep 16, 2015 at 02:25:52PM -0700, Brian Smith wrote:
> On Wed, Sep 16, 2015 at 2:05 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> > In addition, they are already part of TLS, so the question would be if we
> > have
> > consensus to remove them....
> >
> 
> This thread is about the removal of DH_anon_*, not about raw public keys.

Yes, but you implied that you might not support keeping raw public keys.

I'm not in favor of removing the anon cipher suites if we also remove
raw public key support.  This is important.  I don't want the cost of
doing anon with TLS to escalate piecemeal.  All cards on the table
please.

Nico