Re: [TLS] DSA support in TLS 1.3.

Hanno Böck <hanno@hboeck.de> Mon, 31 August 2015 12:43 UTC

Date: Mon, 31 Aug 2015 14:43:16 +0200
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/HRx-S0ThOsy83n-ilTbbErUrQd4>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Mon, 31 Aug 2015 12:13:09 +0000
"Dang, Quynh" <quynh.dang@nist.gov> wrote:

> TLSs are used in more places than just
> public servers and common browsers. For the people who use DSA in
> TLSs, it would be nice if they could run TLS 1.3 with DSA if they
> choose to do so.

I think we all know that TLS is more than browsers.
However, the "people who use DSA in TLS" are currently a mere statement
from you, we don't know if they exist. Several people have asked you
whether you can name use cases. You haven't answered.

As long as that's the case, this discussion is pointless. We shouldn't
keep DSA just because someone we don't know might have a use case we
can't imagine.

If you can tell us
a) who is using DSA
b) why they think this has an advantage
we can have a useful discussion.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42