Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Aaron Zauner <azet@azet.org> Mon, 13 April 2015 12:59 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 150BD1B2F73 for <tls@ietfa.amsl.com>; Mon, 13 Apr 2015 05:59:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rg-g_4TEZTb for <tls@ietfa.amsl.com>; Mon, 13 Apr 2015 05:59:06 -0700 (PDT)
Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com [209.85.212.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D02BF1B2F58 for <tls@ietf.org>; Mon, 13 Apr 2015 05:59:05 -0700 (PDT)
Received: by widdi4 with SMTP id di4so71198936wid.0 for <tls@ietf.org>; Mon, 13 Apr 2015 05:59:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=XxEPtNKmQqwwl1x8IXHZv0R52W3vdoSkHfXFwM3mwiM=; b=CZ+TS0yBWpdv8upb+MnCC352rAHvnYeuM1EVrXE4iMAC9mRMEyKZjCQ4D1ALEPvcd0 zu6MQ8ED1N0PQAy/oAPY6l0Ffl3AtLNULuEiohZF0cfWKrivXRSBxdztv+Ew9Y/6B0XM c2JDoqbgl3Mz+ApNtbP1cpzAxw+8rOfzmeNDIGRP9zKqLBSCec9XT30w/F3bqrW1/Enl mhYtpO889jdcyDfn9fYs7adCbvIcD4IopCTcjCvPYXn5yw/9r06UBcXsGp/HSFzd+zFs S1BJz7Sx4bCMaSiYIzIolookUKQBBBH3m/atVz9/C9DxnGNAcoULyb4/H0GXaDWz7ghV WGWg==
X-Gm-Message-State: ALoCoQmqZogBd/kSXYVgB/zy5bdlB1HdWOryxGsXRQLgWmBM61jWCo4rlLk9mXkPrv3aN7m7WQY4
X-Received: by 10.194.177.167 with SMTP id cr7mr26476466wjc.19.1428929944551; Mon, 13 Apr 2015 05:59:04 -0700 (PDT)
Received: from [192.168.23.81] (chello212017113090.11.11.vie.surfer.at. [212.17.113.90]) by mx.google.com with ESMTPSA id eh5sm11401009wic.20.2015.04.13.05.59.02 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 13 Apr 2015 05:59:03 -0700 (PDT)
Message-ID: <552BBD92.3010807@azet.org>
Date: Mon, 13 Apr 2015 14:58:58 +0200
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Dave Garrett <davemgarrett@gmail.com>
References: <20150401201221.163745c2@pc1.fritz.box> <201504032121.07726.davemgarrett@gmail.com> <551F6E22.1040207@azet.org> <201504041141.39158.davemgarrett@gmail.com>
In-Reply-To: <201504041141.39158.davemgarrett@gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig52B3B2557CD2DFE98B2DA3E8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/I3uBridX8qZYoef2Qg02ONFnYaw>
Cc: tls@ietf.org
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2015 12:59:07 -0000

Hi Dave et al.,

Sorry for the late reply.

Dave Garrett wrote:
> I'm fine with (EC)DHE_PSK, but I thought the consensus was that non-ephemeral cipher suites were not permitted any longer. I thought usage of plain PSK would be against TLS 1.3 & HTTP/2 consensus. If it really is needed, I think they should be prohibited in general TLS and only allowed via the IoT application profile.

As the draft currently is written it also applies to TLS 1.2. I have no
problem with removing non-ephemeral ciphersuites from the document,
given that there's agreement among embedded implementers.

So far no further comments on the ensuing discussion, your ideas are all
very interesting and -- I think -- are well worth exploring.

Aaron