Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Rob Stradling <> Mon, 01 June 2015 20:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C2D491A8AC4 for <>; Mon, 1 Jun 2015 13:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 64mjoYi1gqWO for <>; Mon, 1 Jun 2015 13:46:09 -0700 (PDT)
Received: from ( [IPv6:2a02:1788:402:c00::c0a8:9cd6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 61EC21A9025 for <>; Mon, 1 Jun 2015 13:46:08 -0700 (PDT)
Received: (qmail 5272 invoked by uid 1004); 1 Jun 2015 20:46:06 -0000
Received: from (HELO ( by (qpsmtpd/0.84) with ESMTP; Mon, 01 Jun 2015 21:46:06 +0100
Received: (qmail 16989 invoked by uid 1000); 1 Jun 2015 20:46:06 -0000
Received: from (HELO []) ( (smtp-auth username rob, mechanism plain) by (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Mon, 01 Jun 2015 21:46:06 +0100
Message-ID: <>
Date: Mon, 01 Jun 2015 21:46:04 +0100
From: Rob Stradling <>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Michael Hamburg <>, Daniel Kahn Gillmor <>
References: <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <>
Cc: Phillip Rogaway <>, TLS Mailing List <>, Charanjit Jutla <>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 01 Jun 2015 20:46:12 -0000

On 01/06/15 19:33, Michael Hamburg wrote:
> I tried to get one from Comodo about a year ago.  It wasn’t advertised on their website but I asked one of their tech support folks.  They said that it was an experimental feature for business customers only, and would cost me something like $600.  I don’t remember if that was a 1-year or 3-year cert.

Hi Mike.  It's true that we haven't made a big deal of advertising the 
fact that we are happy to certify EC public keys and sign using ECDSA 
these days.

I'm rather puzzled by your experience with our tech support guys though. 
  It's never been an "experimental feature for business customers only". 
  And we don't set different prices for EC certs compared to RSA certs.

If you place an order directly with Comodo, and provide a CSR containing 
an EC public key (secp256r1, secp384r1 or secp521r1), then the resulting 
cert will be signed using ECDSA.  Simple as that.  It should be equally 
simple if you order via a Comodo reseller, but as DKG said, YMMV.  (I'm 
guessing that some reseller systems might feel the need to attempt to 
parse the CSR...and fail because they're not ECC-ready).

> I looked at Verisign’s catalog as well, and it was labeled as an enterprise feature with an even higher price tag.  Low thousands I think.  I asked the guys at BaySec and they said that this was the shape of the market at that time.
> I also looked at StartSSL.  They are free, but only offer RSA certs.  I mostly wanted ECDSA for performance on a super slow home server, and I figured $600 in hardware upgrades would go a lot further than $600 in certs.
> Anyway you can get ECDSA certs relatively easily, but not cheaply; or at least, that’s how it was a year ago.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online