Re: [TLS] DSA should die
Michael StJohns <msj@nthpermutation.com> Thu, 02 April 2015 23:33 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97AE11A8792 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 16:33:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TQV2QynczVmc for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 16:33:30 -0700 (PDT)
Received: from mail-qg0-f49.google.com (mail-qg0-f49.google.com [209.85.192.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 782731A038A for <tls@ietf.org>; Thu, 2 Apr 2015 16:33:30 -0700 (PDT)
Received: by qgfi89 with SMTP id i89so209371qgf.1 for <tls@ietf.org>; Thu, 02 Apr 2015 16:33:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=tDHRLPVgf+EanYXTG3OySVY6uH3FvJEsT92iWtAzsyY=; b=BOoUkWEXStT4k2EG2qMef9DjE1aoFhNMzrN/aJGtljVCB77mYTPcECE1oCUEXGMkSW SLClFAU3y7qmsrxQtKNNyK3K9JGH5DXPTzxUtF9/M6sPWoVqQEQYZdbhXV+oK+KjNjj7 Sh5BF9f3BDEY+Fyf3hBrmLkBbpFyad9OywkT7ia98bzQSIRVUW//mjjtgKO3kKqimZK4 cxKNvC10vr8LXo8jsUZPz2lkObCK56TwCqZrDOPe5D7RXhwF88/3xOnF9EDZrlNE9i4a nemrC2r5BGDXA9d/bz/f4NgOc8y9E+Fx6UOhMagiCK58Qn28fJNvz2VxDHwwhJY/8pmC jsRw==
X-Gm-Message-State: ALoCoQn7IGJT8hNWbn1EtFlPscrp0lKV2lrDmKj8jgDpmqSrIHj1Rl0rzKIR58+x9okLeBCZYlNB
X-Received: by 10.140.84.164 with SMTP id l33mr62448427qgd.11.1428017609615; Thu, 02 Apr 2015 16:33:29 -0700 (PDT)
Received: from ?IPv6:2601:a:2a00:84:f827:63cf:7b05:550e? ([2601:a:2a00:84:f827:63cf:7b05:550e]) by mx.google.com with ESMTPSA id h34sm4516683qkh.34.2015.04.02.16.33.28 for <tls@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2015 16:33:28 -0700 (PDT)
Message-ID: <551DD1CC.1040502@nthpermutation.com>
Date: Thu, 02 Apr 2015 19:33:32 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: tls@ietf.org
References: <20150401201221.163745c2@pc1.fritz.box>
In-Reply-To: <20150401201221.163745c2@pc1.fritz.box>
Content-Type: multipart/alternative; boundary="------------060902030403030002000605"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/DnLxB05ufQmMAFpFym2Eae8gfTI>
Subject: Re: [TLS] DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 23:33:32 -0000
On 4/1/2015 2:12 PM, Hanno Böck wrote: > Hi, > > Mozilla just removed DSA support from Firefox. It seems the use of > (non-ecc) DSA in TLS is pretty much nonexistent. Still the TLS 1.3 draft > contains DSA. > > Proposal: DSA should go away and not be part of TLS 1.3. To translate the above, its basically asking that DHE_DSS and DH_DSS be removed as key exchange mechanisms. I've watched the discussion and mostly this is a don't care for me except: This is a cipher suite issue and nothing else. E.g. its an implementation decision rather than a protocol decision and vendors should be free to offer this if they think they have a market. The rest of us should gleefully remove this from the set of cipher suites we offer or accept. I would deprecate the older suites (e.g. anything less than <112 bits of strength) on general principles, but I would leave the choice whether or not to implement these to those who will charge what they need to charge when these are specified in RFPs as necessary. So for the base question - no. The section on DHE_DSS and DH_DSS in the TLS1.3 document should be unchanged from the TLS1.2 document AFAICT so there shouldn't be any additional work leaving it. Mike > > Reasons to remove DSA: > * DSA with 1024 bit is considered weak and DSA with more than 1024 bit > is widely unsupported. > * DSA has comparable security to RSA (it using same keysize) which is > the de-facto-default. Given that everybody uses RSA and nobody uses > DSA having the latter only adds unneccessary complexity. > * DSA can fail badly with bad random number generators. > > Some numbers: > In the 2013 https ecosystem scan there were 17 DSA keys on public IPs, > none of them CA-trusted: > http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf > > I think it's safe to say nobody will care if DSA is removed. > > cu, > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Dave Garrett
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir