Re: [TLS] Require deterministic ECDSA
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 25 January 2016 19:36 UTC
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Yoav Nir <ynir.ietf@gmail.com>, Rich Salz <rsalz@akamai.com>
In-Reply-To: <1D8D93F4-7A7C-4875-927E-21E19AB5F942@gmail.com>
References: <CACaGAp=-xJZN=L3av+DX_WQcki_k=L-_tc5dZnJNtM=M0W8MnQ@mail.gmail.com> <CAGwT64i5v+0xXLzQYFO5JVKs302x6BgZYN+ffYzMVesgbB9biA@mail.gmail.com> <962c1d946dba48bf95d22f0aa5f77c8f@ustx2ex-dag1mb1.msg.corp.akamai.com> <1D8D93F4-7A7C-4875-927E-21E19AB5F942@gmail.com>
Date: Mon, 25 Jan 2016 14:36:08 -0500
Message-ID: <87wpqxa1uf.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/MJ8dvcO-PyLF2W8g2L7ig5uxPfY>
Cc: Jacob Maskiewicz <jmaskiew@eng.ucsd.edu>, Joseph Birr-Pixton <jpixton@gmail.com>, "tls@ietf.org" <tls@ietf.org>

On Mon 2016-01-25 14:10:13 -0500, Yoav Nir wrote:
>> On 25 Jan 2016, at 5:08 PM, Salz, Rich <rsalz@akamai.com> wrote:
>>
>>> But any system running a TLS stack is already going to have a high quality entropy source for client/server randoms and IVs and such
>>
>> That's assuming a constraint that isn't accurate.
>
> Eh. Just s/is/should/

Remember that keys (whether in HSMs or not) can be moved between implementations. While it seems (hopefully) likely that most keys will usually be used with a TLS stack with a high-quality entropy source, it's also possible that the key gets used occasionally with some other, less sophisticated code or platform.

We should be pushing heavily for deterministic ECDSA, even though it's not something we can require via wire protocol at runtime.

--dkg