Re: [TLS] Should we support static RSA in TLS 1.3?

Eric Rescorla <ekr@rtfm.com> Sun, 17 November 2013 05:04 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9603F21F8FF8 for <tls@ietfa.amsl.com>; Sat, 16 Nov 2013 21:04:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.976
X-Spam-Level:
X-Spam-Status: No, score=-102.976 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OKuhDvuOydgl for <tls@ietfa.amsl.com>; Sat, 16 Nov 2013 21:03:52 -0800 (PST)
Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) by ietfa.amsl.com (Postfix) with ESMTP id 1005611E8569 for <tls@ietf.org>; Sat, 16 Nov 2013 21:03:51 -0800 (PST)
Received: by mail-wi0-f180.google.com with SMTP id ey16so2555246wid.1 for <tls@ietf.org>; Sat, 16 Nov 2013 21:03:51 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=w/tZzCCtFOebo/PLF6vYNuec+XvqPdeHgBngVB9TiiA=; b=ZzFhopYkM5UEAyX/aHpLVrR0Y5ky3IqdOS05OCnTvXwDBBxb5R+ytikwxPSmxE5Sqd o8Vhm2dx0NC05LQpCCBNhYXphDeKCCzlanXzNQF2zbxM01Vh6n/RoIzv/YsxV7JhTPVe UjCtoK8XmQqEckqdwFQPvL/aiuJmUBOG/SBIM/yYyzEjkQUqGLrGC0EoQKsSXAp8vVKD WHS8K88A80dLS7woZrjD8RmRGUTifybMqOeqaHgu1awbT4r6sneT5u0q2B28MMK/9BUH MYN9W5bbxmbZ6G0xsGSOuL1dE80LHyn9dSqHMxx8VhY/tZch4y0X80X+UKfEMms6lQk/ YeWg==
X-Gm-Message-State: ALoCoQlg4KtTs/B122dkiCo8iuACEcNDyZLH5UtRxbgbKZvAkOn2oFEPRi1SObISfVpovm7lX8b3
X-Received: by 10.194.89.233 with SMTP id br9mr11968480wjb.15.1384664631126; Sat, 16 Nov 2013 21:03:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.216.152.137 with HTTP; Sat, 16 Nov 2013 21:03:10 -0800 (PST)
X-Originating-IP: [74.95.2.168]
In-Reply-To: <CACsn0cnd58NwPfmXXdH4NsqPa5Mes2H5_9_HsB+jLJ8ViNG6ig@mail.gmail.com>
References: <CABcZeBN3WPigLn-ggm2YGTcPEwn8G-1ecRAxdCtK3ueuUPF09Q@mail.gmail.com> <CACsn0cnd58NwPfmXXdH4NsqPa5Mes2H5_9_HsB+jLJ8ViNG6ig@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 16 Nov 2013 21:03:10 -0800
Message-ID: <CABcZeBMESWo9PN7C-aeAmF+GdOGFxvS45FW=8RK1HqEEk2DPPg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary=089e0102fb5c78c8fb04eb585be3
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we support static RSA in TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 05:04:01 -0000

On Sat, Nov 16, 2013 at 8:32 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> I think that we need a better idea of the problem we are trying to solve.
> Trading computation for latency by going to ECDSA/RSA signing certs
> and signing a Diffie-Hellman exchange is a good idea for Google and the
> web,
> but not so for embedded devices.
>

TLS is extensively used in both settings.

That said, using ephemeral keying doesn't really improve latency
that much. There are a number of cases to consider, but off the top
of my head you get between 0-1/2 RTT by switching to ephemeral
exchange, depending on how much information the client has
about the server.

-Ekr



> Sincerely,
> Watson Ladd
>