Re: [TLS] Ala Carte Cipher suites - was: DSA should die
Yoav Nir <ynir.ietf@gmail.com> Tue, 14 April 2015 06:03 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83D5D1B33FB for <tls@ietfa.amsl.com>; Mon, 13 Apr 2015 23:03:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eZ45XcWHvK8a for <tls@ietfa.amsl.com>; Mon, 13 Apr 2015 23:03:33 -0700 (PDT)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE2D01B33F9 for <tls@ietf.org>; Mon, 13 Apr 2015 23:03:32 -0700 (PDT)
Received: by wgso17 with SMTP id o17so103534984wgs.1 for <tls@ietf.org>; Mon, 13 Apr 2015 23:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LodH8Wyu4hBhhDCF1G2oweA5utBeBGE721MS/Gy3xT4=; b=BjvCRwnI34kJogHIQVwqrnPBNFnWKO1opFBumH67CMBEL9z8rgHoOHnJXU0g93ujne JLlVdpp89pdUpOAsNfRsGddU2szdwIc8QrUxFkMFZSLbc9UoXZcIROnmvzMsPFKynyBG wQImzxX1+MBhX0uhKfmxh9Z03AEi7ybtVjaM2OMpv7rNjyABOdVjrySaFMpEO3mDwSES PsLmHYedm5352BbV62Jr0Er89s1QvzekOp6gEe1z5X70NCD9MoGzA2KSCxtazyHwVk3p da/NpqAzjvPHEpUilnomv++E4wJU8Gvnd6HFfO+XkcjQRcmNseLX69LiTrOULiM2hsnh uhlQ==
X-Received: by 10.181.29.36 with SMTP id jt4mr11251907wid.21.1428991411712; Mon, 13 Apr 2015 23:03:31 -0700 (PDT)
Received: from yoavs-mbp.mshome.net ([176.12.143.32]) by mx.google.com with ESMTPSA id mc20sm1191279wic.15.2015.04.13.23.03.30 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 13 Apr 2015 23:03:30 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <87oamrs98q.fsf@alice.fifthhorseman.net>
Date: Tue, 14 Apr 2015 09:03:27 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <6CF84798-4553-493B-9B6A-899336090D5A@gmail.com>
References: <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <CABkgnnXoBmSfoK5Ht5x7jqf3zGB-mDntcVRMVzKgr2wfsixgNg@mail.gmail.com> <m2r3rnzqfi.fsf@localhost.localdomain> <AAC2BF7D-C528-42A0-8BAD-74CA451DAEBE@gmail.com> <m2mw2bzkkk.fsf@localhost.localdomain> <20150414003658.GB17637@mournblade.imrryr.org> <87oamrs98q.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/NqDFLfjSLAqsAQahsPXm2CKoNfs>
Cc: tls@ietf.org
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2015 06:03:34 -0000
> On Apr 14, 2015, at 6:02 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > > On Mon 2015-04-13 20:36:58 -0400, Viktor Dukhovni wrote: >> So a key question is whether policies that rule out various corners >> of the product space are legitimately required??? > > Here's one (granted, contrived) policy: > > * i'm willing to talk to US Government peers (they all want Suite B) > and Russian Government peers (they all want GOST). so my policy is > that I want either an all-GOST collection or an all-suite-B > collection. a la carte would suggest that i'd be OK with GOST key > agreement combined with suite B symmetric crypto, though i would not > consider that OK. > IKE has a complex structure of multiple “proposals”, each a collection of several “transforms”, where a “transform” is one algorithm and you can have more than one algorithm of the same type in a single proposal, so you could have for example: - proposal #1: GOST signature, GOST DH group, GOST encryption, GOST MAC - proposal #2: AES-128-CGC, AES-GCM-128, HMAC-SHA-1, HMAC-SHA-256, 2048-bit DH group, P-256, RSA certificates. I haven’t found this construct to be particularly useful, and my implementation only ever emits one proposal (but can be configured with multiple algorithms). Back to TLS: Your contrived policy can be implemented in the server. Your server (or Rich’s hosting) can be programmed to select only certain combinations depending on SNI, and that does not require any special support in the protocol. For a client it is more difficult. Do we have a use case where a client connects to some site, and is fine with either GOST certificates and GOST encryption, or with AES-GCM and ECDSA, but not a mix? If we accept that such policies should be enforced by servers, I think the problem goes away. Yoav
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Dave Garrett
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir