Re: [TLS] Ala Carte Cipher suites - was: DSA should die
Brian Sniffen <bsniffen@akamai.com> Tue, 07 April 2015 23:25 UTC
Return-Path: <bsniffen@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEEC81A913E for <tls@ietfa.amsl.com>; Tue, 7 Apr 2015 16:25:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JBl4IgF-Pfye for <tls@ietfa.amsl.com>; Tue, 7 Apr 2015 16:25:36 -0700 (PDT)
Received: from prod-mail-xrelay02.akamai.com (prod-mail-xrelay02.akamai.com [72.246.2.14]) by ietfa.amsl.com (Postfix) with ESMTP id 005D41A9140 for <tls@ietf.org>; Tue, 7 Apr 2015 16:25:35 -0700 (PDT)
Received: from prod-mail-xrelay02.akamai.com (localhost [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 3323328539; Tue, 7 Apr 2015 23:25:35 +0000 (GMT)
Received: from prod-mail-relay06.akamai.com (prod-mail-relay06.akamai.com [172.17.120.126]) by prod-mail-xrelay02.akamai.com (Postfix) with ESMTP id 1E6742852B; Tue, 7 Apr 2015 23:25:35 +0000 (GMT)
Received: from tereva.kendall.corp.akamai.com (sfo-wp8n3.kendall.corp.akamai.com [172.19.34.11]) by prod-mail-relay06.akamai.com (Postfix) with ESMTP id ECF182026; Tue, 7 Apr 2015 23:25:34 +0000 (GMT)
From: Brian Sniffen <bsniffen@akamai.com>
To: Tony Arcieri <bascule@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
In-Reply-To: <CAHOTMV+j2VECFme_iizE_9UnPfebSGETnfx0Cwv7BZQ-Oc902w@mail.gmail.com>
References: <20150401201221.163745c2@pc1.fritz.box> <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <54c69c7ac7074ba8a2e71734843bf106@ustx2ex-dag1mb2.msg.corp.akamai.com> <CAHOTMV+j2VECFme_iizE_9UnPfebSGETnfx0Cwv7BZQ-Oc902w@mail.gmail.com>
User-Agent: Notmuch/0.19 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-apple-darwin14.0.0)
Date: Tue, 07 Apr 2015 19:25:34 -0400
Message-ID: <m2oamzwmfl.fsf@tereva.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IwawvRIlONyOrN1ksVXLNVm9sGo>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2015 23:25:38 -0000
> As myself and many others have described, we're essentially being > asked to compute the combinatorial explosion of different ciphersuite > configurations by hand. Guess what happens when you do that? People > make mistakes. Lots of them, and terrible mistakes. For example, the OpenSSL configuration language encourages selections like: HIGH TLSv1:SSLv3:-EDH:-ADH:-NULL:@STRENGTH TLSv1:SSLv3:HIGH:-SSLv2:-MEDIUM:-LOW all of which admit terrible choices. I think this is because those look like short, easily comprehensible commands---but aren't. > Seems like a huge win to me. So what's the problem from an implementer > perspective besides "it'd be hard"? But that's not the wire format. That's the best attempt of implementors to provide a better configuration format than just listing everything you want. After a lot of trying for better, I am persuaded that the right answer is to explicitly list exactly what you want, or to reference first-order named sets of what you want---that set algebra on cipher selections is more dangerous. The best advice we can give now could be expressed to OpenSSL as 'EECDH+AESGCM', but it's not much more work to say ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256, and at least that looks like something you should read carefully and make sure you didn't swap a : and a -. -Brian -- Brian Sniffen
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Dave Garrett
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir