Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
"Salz, Rich" <rsalz@akamai.com> Tue, 17 August 2021 19:18 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B536E3A0826 for <tls@ietfa.amsl.com>; Tue, 17 Aug 2021 12:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pOUzsPqvXwv for <tls@ietfa.amsl.com>; Tue, 17 Aug 2021 12:18:22 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88E5E3A0821 for <tls@ietf.org>; Tue, 17 Aug 2021 12:18:22 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.1.2/8.16.0.43) with SMTP id 17HGYN7r011565; Tue, 17 Aug 2021 20:18:18 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=dDeMoPziQ0hBjN66FSZ+w44PSB2gnEeQqqL3N0NDwH8=; b=elKK7+UjSpdieeysT0BRIJHgOyZmK+I0WS2I0lxf4d7Iuk+2l20W7wc8jJsRdU8T6IWb SyyNosKU6Un4k/6LaeQO9GHT3wMmtzisZeExPTqPDpglDDx3RYtKuXjz1uQezoySzsS5 0CwbGw/UYIL5K9uLZ/YeGhfQ/siXji3ffhH3lMx655R4WqgZbggcqnTtPF+DLlh2qDvU /bUZA4EzVC4qFhxECuBV4Lk9so9JxFN2fxI9PAe4RZJ5FFx6rgqwODtYxRoW3hyZPF+b rN9InE+/WqstWaH7nzmwMXNeT5qWNx8un706HKF2/BndsLCOS72CRROTWiuVl1zUe+dV 9w==
Received: from prod-mail-ppoint4 (a72-247-45-32.deploy.static.akamaitechnologies.com [72.247.45.32] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 3agd89sqb4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 20:18:18 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 17HJ40Wp009416; Tue, 17 Aug 2021 15:18:17 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.114]) by prod-mail-ppoint4.akamai.com with ESMTP id 3agg11s0ym-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 15:18:17 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.165.119) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.165.123) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Tue, 17 Aug 2021 14:18:16 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.165.119]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.165.119]) with mapi id 15.00.1497.023; Tue, 17 Aug 2021 14:18:16 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: David Benjamin <davidben@chromium.org>, Filippo Valsorda <filippo@ml.filippo.io>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
Thread-Index: AQHXkEsievlYQkhI2k2w0QsYiPtP+atyAjQAgAVEJ4CAAMRgAIAAKBwA///2lgA=
Date: Tue, 17 Aug 2021 19:18:15 +0000
Message-ID: <3AAA4B88-0D58-4A88-B0B5-F5C8EA37B44D@akamai.com>
References: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com> <cc9c9d9f-d6b1-3b93-1231-a9a9c34a7fcd@gmail.com> <67533325-2983-47B7-871C-D90799D09532@ll.mit.edu> <CAOgPGoDAvnFic3VmEsge3i8C2FEfWp74ac_ievtfNo=MQB+C8g@mail.gmail.com> <385b963a-9627-4ede-b4a9-95b5badebc58@www.fastmail.com> <CAF8qwaA64fHrvUA9WjjRYQkg_zUV3AjgLaENSyo5C79U1XsPfg@mail.gmail.com>
In-Reply-To: <CAF8qwaA64fHrvUA9WjjRYQkg_zUV3AjgLaENSyo5C79U1XsPfg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.52.21080801
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: multipart/alternative; boundary="_000_3AAA4B880D584A88B0B5F5C8EA37B44Dakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-17_06:2021-08-17, 2021-08-17 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxscore=0 adultscore=0 phishscore=0 mlxlogscore=999 bulkscore=0 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108170119
X-Proofpoint-GUID: i4CZcWg85Ey0kpcKMq2UezXHiSDCYROB
X-Proofpoint-ORIG-GUID: i4CZcWg85Ey0kpcKMq2UezXHiSDCYROB
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_06,2021-08-17_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 adultscore=0 spamscore=0 clxscore=1011 suspectscore=0 mlxlogscore=999 priorityscore=1501 malwarescore=0 bulkscore=0 mlxscore=0 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108170120
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 72.247.45.32) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint4
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CPAiBcOV24z4cnwn3JkPQR-zyQA>
Subject: Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2021 19:18:28 -0000
I still support adoption, as I said a couple of weeks ago. I also still think we should consider merging this and draft-aviram-tls-deprecate-obsolete-kex-00. I know that I’ve also said this before (can’t find it in my “sent mail” folder), but the fact that some communities can still use this safely, or must use it (for a variety of reasons usually around the infeasibility of upgrading), doesn’t mean that the general populace should not be warned away from doing these kinds of things.
- [TLS] Adoption call for Deprecating FFDH(E) Ciphe… Joseph Salowey
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Salz, Rich
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Martin Thomson
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Martin Thomson
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Ilari Liusvaara
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Viktor Dukhovni
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Viktor Dukhovni
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Benjamin Kaduk
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Rene Struik
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Joseph Salowey
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Filippo Valsorda
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… David Benjamin
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Eric Rescorla
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Salz, Rich
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Loganaden Velvindron
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Benjamin Kaduk
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Dan Brown
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Peter Gutmann
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Joseph Salowey
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Filippo Valsorda
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Filippo Valsorda
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Rene Struik
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Filippo Valsorda
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Nimrod Aviram
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Rene Struik
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Rob Sayre
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Nimrod Aviram
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Rob Sayre
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Carrick Bartle
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Salz, Rich
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Joseph Salowey
- Re: [TLS] Adoption call for Deprecating FFDH(E) C… Salz, Rich