[TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)

Martin Thomson <martin.thomson@gmail.com> Fri, 28 March 2014 00:04 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D16611A03F8 for <tls@ietfa.amsl.com>; Thu, 27 Mar 2014 17:04:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gexR1fTSY3T2 for <tls@ietfa.amsl.com>; Thu, 27 Mar 2014 17:04:04 -0700 (PDT)
Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) by ietfa.amsl.com (Postfix) with ESMTP id 6F68E1A034E for <tls@ietf.org>; Thu, 27 Mar 2014 17:04:04 -0700 (PDT)
Received: by mail-wg0-f41.google.com with SMTP id n12so3102803wgh.24 for <tls@ietf.org>; Thu, 27 Mar 2014 17:04:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=roF9RkhIXsn9ZF/APyMfwlLLcwgqbtuDO0j64z1vUFc=; b=mD/DoCwsQfw3ZKdVrcslY9m7YDPjo3BMVvCEgFnHyWJQMigXAkfPlUelBDaWB4riQw RU+UgHsoDGLPjRtUmTlSYL05+8Vr3E2gOJ91kWEY1Kd9UaH+OWOv39KQ5z5nT22yE7LL 5jwj4jy70nf4fmOlXhMZJEfCdUwYFFR7HKIKe/yKWDJ3oBRqOxZHphuIF7wLttXWjutG LaeJbiefiEYWeFoaC7+LDP7+nstyGN6SVYqYmJUiGyWlda5ixXOxYE1pc4xCI8pRXVoP QVXK62wRTiB8CTRw9eDVuhS2EpJA6OkPz1srOKCSDEkgePaN0gmH1zBvh3zYslKhfgNT r1yQ==
MIME-Version: 1.0
X-Received: by 10.180.75.202 with SMTP id e10mr43825418wiw.50.1395965042034; Thu, 27 Mar 2014 17:04:02 -0700 (PDT)
Received: by 10.227.147.10 with HTTP; Thu, 27 Mar 2014 17:04:01 -0700 (PDT)
Date: Thu, 27 Mar 2014 17:04:01 -0700
Message-ID: <CABkgnnX=KM4YVf1+znp_HS+Pu6DSw64q1adDC4EOPqRLuTDZKQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Marsh Ray <maray@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/EE7wZDWyGYc7ehK5oyZGvTaHovE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 00:04:06 -0000

(Renaming the thread, since this is what we seem to be talking about)

On 27 March 2014 16:55, Marsh Ray <maray@microsoft.com> wrote:
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Alyssa Rowan
>>
>> Show of hands: who *really* wants to deploy 2048-bit (or above) DHE, when they could have curve25519 instead?
>
> The general consensus at Microsoft is that we like ECDHE much better than the classic DHE.

I think that this is the general trend, but is it so bad that you
would want to prohibit DHE?