Re: [TLS] I-D Action: draft-ietf-tls-curve25519-00.txt

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 15 June 2015 13:29 UTC


On Mon, Jun 15, 2015 at 01:03:45PM +0000, Viktor Dukhovni wrote:
> On Fri, Jun 12, 2015 at 01:43:25PM -0700, Martin Thomson wrote:
> 
> > > "Servers MUST NOT select an ECDHE_ECDSA ciphersuite if there are no
> > > common curves suitable for ECDSA."
> > >
> > > You mean MUST NOT select ECDSA certificate? Because TLS 1.2 rules
> > > seemingly allow selecting ECDHE_RSA ciphersuite with ECDSA
> > > certificate.
> > 
> > This seems right to me.  The point here is that when a named_curve (or
> > named_group) identifies 25519, then it can't be used for ECDSA.  25519
> > is always OK with an _RSA_ suite.
> 
> It seems that provided there's also a named_curve for ECDSA
> that matches the certificate, then one might use 25519 for a key
> exchange that is signed with ECDSA.
> 
> If both are supported I don't see why this combination should be
> excluded.  What problem does the exclusion solve?
> 
> If 25519 ECDH is faster and safer than with ECDSA why not use it
> even with servers that sign the parameters with ECDSA?
 
The problem is that clients that support 25519 ECDHE might not
support any curve usable for ECDSA.

And even if they did, they are very unlikely to support 25519
ECDSA.


-Ilari
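
The selection rule debated in this thread, as an added example that is not part of the message above or of the draft: a server may run ECDHE on 25519 while signing with ECDSA only when the client also lists the curve of the server's ECDSA certificate key. The function `select_suite`, the curve and suite labels, and the sample inputs are constructed for illustration (they are names, not TLS codepoints), and the client-order suite preference is an assumption.

```python
# Added illustration; labels are constructed names, not TLS codepoints.
# Curves usable for both ECDSA and ECDHE. "curve25519" is deliberately
# absent: in this model it is usable for ECDHE key exchange only.
ECDSA_CURVES = {"secp256r1", "secp384r1", "secp521r1"}


def select_suite(client_curves, client_suites, server_curve_prefs, server_certs):
    """Return (suite, ecdhe_curve), or None if the handshake must fail.

    client_curves      -- curves from the client's named_curve list
    client_suites      -- "ECDHE_ECDSA" / "ECDHE_RSA", in client order
    server_curve_prefs -- server's ECDHE curves, most preferred first
    server_certs       -- {"ECDSA": <curve of cert key>} and/or {"RSA": None}
    """
    offered = set(client_curves)
    # ECDHE may use any common curve, including an ECDHE-only one.
    kex = next((c for c in server_curve_prefs if c in offered), None)
    if kex is None:
        return None
    for suite in client_suites:
        if suite == "ECDHE_ECDSA":
            cert_curve = server_certs.get("ECDSA")
            # Rule under discussion: without a common ECDSA-capable curve,
            # ECDHE_ECDSA is off the table even though ECDHE would work.
            if cert_curve in ECDSA_CURVES and cert_curve in offered:
                return (suite, kex)
        elif suite == "ECDHE_RSA" and "RSA" in server_certs:
            return (suite, kex)
    return None


if __name__ == "__main__":
    suites = ["ECDHE_ECDSA", "ECDHE_RSA"]
    prefs = ["curve25519", "secp256r1"]
    both = {"ECDSA": "secp256r1", "RSA": None}
    # Client lists 25519 and P-256: 25519 key exchange signed with ECDSA.
    print(select_suite(["curve25519", "secp256r1"], suites, prefs, both))
    # Client lists only 25519: ECDSA is unusable, server falls back to RSA.
    print(select_suite(["curve25519"], suites, prefs, both))
    # Same client, ECDSA-only server: nothing selectable.
    print(select_suite(["curve25519"], suites, prefs, {"ECDSA": "secp256r1"}))
```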