Re: [TLS] Fresh results

David Benjamin <davidben@chromium.org> Fri, 04 December 2015 19:38 UTC

On Fri, Dec 4, 2015 at 1:17 PM Hubert Kario <hkario@redhat.com> wrote:

> On Friday 04 December 2015 00:52:08 Hanno Böck wrote:
> > * Fully deprecate RSA key exchange.
> > The compatibility costs of this one are high. They are even higher
> > considering the fact that Chrome wants to deprecate DHE and use RSA as
> > their fallback for hosts not doing ECDHE. ECDHE implementations
> > weren't widespread until quite recently. A lot of patent foo has e.g.
> > stopped some Linux distros from shipping it.
>
> Then maybe Chrome should reconsider.
>

Note that Apple has already removed DHE cipher suites from Safari in the
latest OS X and iOS releases, so advertising only DHE is already infeasible
for most servers.

I don't think telling servers to disable RSA ciphers and only advertise
DHE_RSA ciphers makes much sense. The set of servers which...

1. Are willing to disable plain RSA.
2. Don't have ECDHE support.
3. Are unwilling to take updates and get ECDHE support.
4. Support DHE *with a sensible group*.
5. Are willing to deploy DHE with said sensible group despite the
compatibility and performance hit.

...is certainly all but nil.

David

> I think we're overstating the compatibility costs.
>
> very few widely deployed implementations (with the exception of the long
> deprecated Windows XP) lack support for DHE_RSA *and* ECDHE_RSA at the
> same time
>
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech
> Republic