Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx

Yoav Nir <ynir.ietf@gmail.com> Wed, 12 March 2014 21:03 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E265A1A077E for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 14:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBsV9BWcLHyl for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 14:03:00 -0700 (PDT)
Received: from mail-ea0-x22f.google.com (mail-ea0-x22f.google.com [IPv6:2a00:1450:4013:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id F2D7F1A0764 for <tls@ietf.org>; Wed, 12 Mar 2014 14:02:59 -0700 (PDT)
Received: by mail-ea0-f175.google.com with SMTP id d10so99544eaj.6 for <tls@ietf.org>; Wed, 12 Mar 2014 14:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DEhOJPLGk4zwmrwMz5aq+lDIXv7mnYVqrLhlL5NUg0U=; b=ZgJ1/8durd7OIzPJebXs/9A+rQr9NEuWi6w89t57Tdu9v15Sjcmsc0h1+1PWFykjDB zIOLvNE1aDLQelKq1ksv0ev+QlV0KIgLsZxbk7eZDU8VpZcRre7DgWTu4kcDPiIel3ZC r97BD33VxLyjbI5ix5laPQOwIMOFJErv2yBPVD/3DOm7YjmPBgQCV4kvmp2zV/d8QIQt jwzminFiVMHuMtArDKr82Ob7A5jQ3vdzLb63mn3FbAU2vtC82rTeiwLlLQ2VzeEWGhyp cwap1HjPM9Z82OgkHKrBaWu+ZLR2mpyLIPutbQKQLhnchQl8IXkDGmoL+rhMlRw6Zd2L HZSQ==
X-Received: by 10.14.198.197 with SMTP id v45mr34688977een.9.1394658173380; Wed, 12 Mar 2014 14:02:53 -0700 (PDT)
Received: from [192.168.1.101] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id f45sm287561eeg.5.2014.03.12.14.02.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 12 Mar 2014 14:02:52 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAHE9jN0-8QLCCTp8Mmem3wvSXJrMrLxTSOv67Rs2-wMJxM+y9w@mail.gmail.com>
Date: Wed, 12 Mar 2014 23:02:51 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <C81CA1B3-B8D0-4E17-BDB1-A801BBBBC9A3@gmail.com>
References: <CAK3OfOgw70LVQsykxNZSH9+4Dn2inBTx0q0KrvujS1LOY1i9tg@mail.gmail.com> <532024EF.4060607@polarssl.org> <53205A3F.5080802@fifthhorseman.net> <2643d802-f33b-4caf-b5e1-4df42d59814e@email.android.com> <CAHE9jN0-8QLCCTp8Mmem3wvSXJrMrLxTSOv67Rs2-wMJxM+y9w@mail.gmail.com>
To: Alexandre Anzala-Yamajako <anzalaya@gmail.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ISToGz3_znCcVkq3AQI51Icr0j4
Cc: tls@ietf.org
Subject: Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 21:03:02 -0000

Anonymous cipher suites save not only bandwidth, they also save calculation. 

ECDHE_RSA requires a private RSA operation on the server as well as the ECDH calculation
ECDHE alone requires only the ECDH calculation. 

In many servers the cost of the handshake is a more significant part of the sizing than the application or the encryption. So that would save a lot - the same server will be able to handle more clients.

However, anonymous cipher suites are very rarely used in practice. Browsers don’t implement them at all, and they’re not the default for any library.

Yoav

On Mar 12, 2014, at 3:34 PM, Alexandre Anzala-Yamajako <anzalaya@gmail.com> wrote:

> Just out of curisoity, is anyone aware of scenarios where people chose *_anon suites to save on the bandwidth of sending certificates ?
> 
> 
> -- 
> Alexandre Anzala-Yamajako
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls