Re: [TLS] DSA should die
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Thu, 02 April 2015 17:48 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C9B01B2DA3 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 10:48:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Crt0WgfNu9iZ for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 10:48:29 -0700 (PDT)
Received: from emh03.mail.saunalahti.fi (emh03.mail.saunalahti.fi [62.142.5.109]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D726A1B2DA2 for <tls@ietf.org>; Thu, 2 Apr 2015 10:48:28 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh03.mail.saunalahti.fi (Postfix) with ESMTP id 68023188780; Thu, 2 Apr 2015 20:48:26 +0300 (EEST)
Date: Thu, 02 Apr 2015 20:48:26 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Nico Williams <nico@cryptonector.com>
Message-ID: <20150402174826.GA7414@LK-Perkele-VII>
References: <20150401201221.163745c2@pc1.fritz.box> <20150402002646.GR17637@mournblade.imrryr.org> <551C9008.5030605@cs.tcd.ie> <201504012115.09048.davemgarrett@gmail.com> <CAK3OfOhazGCtR7nmSz7szyN2GDAOnU9RJ=YDxHHbwuSZpe7c9Q@mail.gmail.com> <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/A_2n0HYWkJ-oflDSFY_Kv1NtUeg>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 17:48:31 -0000
On Thu, Apr 02, 2015 at 11:45:35AM -0500, Nico Williams wrote: > On Thu, Apr 2, 2015 at 2:39 AM, CodesInChaos <codesinchaos@gmail.com> wrote: > > Nico Williams nico@cryptonector.com wrote: > >> Yes, we could patch in a-la-carte ciphersuite negotiation by having > >> non-functional ciphersuites that wild-card all but the one kind of > >> thing. You offer those. A matching functional ciphersuite gets > >> selected. Done. > >> > >> TLS_*_*_WITH_AES_GCM_* > >> TLS_*_*_WITH_*_*_SHA384 > >> TLS_ECDHE_*_WITH_*_*_* > >> ... > > > > I think full a-la-carte is too complex. But I'm for negotiating the > > handshake and symmetric crypto separately. They're already very > > loosely coupled and most proposals that introduce/obsolete > > ciphersuites are only interested in one of the two sides, with the > > other being only an afterthought. > > That would be a huge improvement over what we have now. I say if one splits symmetric/asymmetric, then the hash should go to the asymmetric part, since it is used there. And furthermore, since there are group and cert type negotiation mechanism already can do unified DH/w certs. So (with some added in): TLS13_A_DH_CERT_SHA256 TLS13_A_DH_CERT_SHA384 TLS13_S_AES_128_GCM TLS13_S_AES_256_GCM TLS13_S_ARIA_128_GCM TLS13_S_ARIA_256_GCM TLS13_S_CAMELLIA_128_GCM TLS13_S_CAMELLIA_256_GCM TLS13_S_AES_128_CCM TLS13_S_AES_256_CCM TLS13_S_AES_128_CCM8 TLS13_S_AES_256_CCM8 TLS13_S_CHACHA20_POLY1305 (I included a cipher if it had an existing codepoint or was in wide use and was TLS 1.3 compatible). I'm on fence about splitting hash out: TLS13_A_DH_CERT TLS13_H_SHA256 TLS13_H_SHA384 TLS13_S_* As it seems to me that symmetric algorithm, key exchange and hash to use are relatively independent concerns (I know gnutls has internal mapping table that breaks ciphersuites to internal component parts). Regarding ServerHello parts of this, the ServerHello could be redesigned, except for the version field, which is convinently the first. So one could put two or three ciphersuite fields, one for each type there. If one wanted to add anonDH and PSK: TLS13_A_DH_ANON TLS13_A_DH_PSK TLS13_A_PSK Giving 17 ciphers that span cartesian space of 88 cipher- suites. -Ilari
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Dave Garrett
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir