Re: [TLS] ban more old crap
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Sat, 25 July 2015 05:35 UTC
Date: Sat, 25 Jul 2015 08:35:49 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LL3cbqBStz96PJanQS_r2-J1P1U>
On Thu, Jul 23, 2015 at 07:10:30PM +0200, Eric Rescorla wrote:
> On Thu, Jul 23, 2015 at 7:06 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
> > A suggestion - could we remove mention of anything that
> > is not a MUST or SHOULD ciphersuite from the TLS1.3 document
> > and then have someone write a separate draft that adds a
> > column to the registry where we can mark old crap as
> > deprecated?
> >
> > Not sure if it'd work though.
> >
>
> I'm starting to lean towards this. I don't generally think of TLS 1.3 as a
> vehicle for telling people how to configure use of TLS 1.2, and I think it
> might be better to move all that stuff out.

The MUST/SHOULD list is presumably:
{ECDHE_RSA,ECDHE_ECDSA,PSK}*{AES-128-GCM,AES-256-GCM,Chacha20-Poly1305}?
(9 ciphersuites)?

Or are there some others there as well (of course, if new signatures
appear and get their own ciphersuites, then three of those too)?

Then what to mark as deprecated? Everything that doesn't work with
TLS 1.3 is a pretty obvious candidate. Which would mean deprecating TLS
1.0 and 1.1, as all ciphersuites for those get deprecated.

Then I made this table of ciphersuites that work with TLS 1.3:

+---------------+-------+-------+-------+-------+
|               |AESGCM |VANITY |AESCCM |CHACHA |
+---------------+-------+-------+-------+-------+
|DHE_RSA        |Y      |Y      |Y      |P      |
|DHE_DSS        |Y      |Y      |Y      |-      |
|DHE_PSK        |Y      |Y      |-      |-      |
|DHE_anon       |Y      |Y      |Y      |-      |
|ECDHE_RSA      |Y      |Y      |-      |P      |
|ECDHE_ECDSA    |Y      |Y      |Y      |P      |
|ECDHE_PSK      |P      |-      |P      |P      |
|ECDHE_anon     |-      |-      |-      |-      |
|ECDHE_ECIDSA   |-      |-      |-      |-      |
|PSK            |Y      |Y      |Y      |P      |
+---------------+-------+-------+-------+-------+

Legend:
- => No active proposal, P => active I-D proposes these, Y => In registry
AES-GCM => AES-GCM ciphers
VANITY => ARIA and CAMELLIA (GCM). SEED doesn't have AEAD.
AES-CCM => AES-CCM ciphers
CHACHA => Chacha20-Poly1305.

Comments on some methods:
- DHE_RSA: Uses FFDHE, problematic especially on 1.2 and older.
- DHE_DSS: Virtually nobody uses this or will use this (already
  removed from two major browsers).
- DHE_PSK: IoT type, but I don't think IoT appreciates FFDHE.
- DHE_anon: Anonymous.
- ECDHE_RSA: ECC certs are still much harder to get than RSA.
- ECDHE_anon: Should add if not deprecating anonymous.
- ECDHE_ECIDSA: New signature scheme. Or try merging this with
  ECDHE_ECDSA (requires a bit of bending of 1.2 rules).
- PSK: Needed for resumption in TLS 1.3.

-Ilari
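
Added example (not part of the original message): a small Python audit helper that maps IANA-style suite names onto the table above and lists the configured suites that fall outside it, which are the deprecation candidates under the criterion the message proposes. The table statuses are copied from the message as of 2015; the function names and the CONFIGURED sample are assumptions made for this illustration.

```python
import re

# Table as given in the message (2015 status), one status per column:
# Y = in registry, P = proposed in an active I-D, - = no active proposal.
COLUMNS = ("AESGCM", "VANITY", "AESCCM", "CHACHA")
TABLE = {
    "DHE_RSA": "YYYP", "DHE_DSS": "YYY-", "DHE_PSK": "YY--",
    "DHE_anon": "YYY-", "ECDHE_RSA": "YY-P", "ECDHE_ECDSA": "YYYP",
    "ECDHE_PSK": "P-PP", "ECDHE_anon": "----", "ECDHE_ECIDSA": "----",
    "PSK": "YYYP",
}
# IANA spells the anonymous ephemeral exchanges DH_anon / ECDH_anon.
KX_ALIASES = {"DH_anon": "DHE_anon", "ECDH_anon": "ECDHE_anon"}
CIPHER_COLUMNS = [
    (re.compile(r"^AES_(128|256)_GCM_"), "AESGCM"),
    (re.compile(r"^(ARIA|CAMELLIA)_(128|256)_GCM_"), "VANITY"),
    (re.compile(r"^AES_(128|256)_CCM(_8)?$"), "AESCCM"),
    (re.compile(r"^CHACHA20_POLY1305"), "CHACHA"),
]
# The list the message presumes: {ECDHE_RSA,ECDHE_ECDSA,PSK} x {AES-GCM,ChaCha20}.
PRESUMED_KX = {"ECDHE_RSA", "ECDHE_ECDSA", "PSK"}
PRESUMED_COLUMNS = {"AESGCM", "CHACHA"}

def classify(suite):
    """Split TLS_<kx>_WITH_<cipher> and look the pair up in the table."""
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)", suite)
    if not m:
        raise ValueError(f"not an IANA-style suite name: {suite}")
    kx = KX_ALIASES.get(m.group(1), m.group(1))
    column = next((c for rx, c in CIPHER_COLUMNS if rx.match(m.group(2))), None)
    in_table = kx in TABLE and column is not None
    return {
        "kx": kx, "column": column,
        "status": TABLE[kx][COLUMNS.index(column)] if in_table else None,
        "presumed_must_should": kx in PRESUMED_KX and column in PRESUMED_COLUMNS,
        "outside_table": not in_table,  # non-AEAD cipher or key exchange not listed
    }

def deprecation_candidates(suites):
    """Suites with no row/column in the table, in configured order."""
    return [s for s in suites if classify(s)["outside_table"]]

# Constructed sample of a server's configured suites (not from the message).
CONFIGURED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    print("\n".join(deprecation_candidates(CONFIGURED)))
```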