Re: [TLS] DSA should die

Kurt Roeckx <kurt@roeckx.be> Thu, 02 April 2015 22:36 UTC

Return-Path: <kurt@roeckx.be>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08CB91A872C for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 15:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ew_6ICofKRlY for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 15:36:02 -0700 (PDT)
Received: from defiant.e-webshops.eu (defiant.e-webshops.eu [82.146.122.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DB151A1B49 for <tls@ietf.org>; Thu, 2 Apr 2015 15:36:02 -0700 (PDT)
Received: from intrepid.roeckx.be (localhost [127.0.0.1]) by defiant.e-webshops.eu (Postfix) with ESMTP id 812A41C20DF; Fri, 3 Apr 2015 00:35:59 +0200 (CEST)
Received: by intrepid.roeckx.be (Postfix, from userid 1000) id 668BF1FE074A; Fri, 3 Apr 2015 00:35:59 +0200 (CEST)
Date: Fri, 3 Apr 2015 00:35:59 +0200
From: Kurt Roeckx <kurt@roeckx.be>
To: Nico Williams <nico@cryptonector.com>
Message-ID: <20150402223559.GA23692@roeckx.be>
References: <20150401201221.163745c2@pc1.fritz.box> <20150402002646.GR17637@mournblade.imrryr.org> <551C9008.5030605@cs.tcd.ie> <CAK3OfOii7LC+gXscsA1XMfZ4iNyyiHcUdPX_qqNT1=ddb+5HAw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAK3OfOii7LC+gXscsA1XMfZ4iNyyiHcUdPX_qqNT1=ddb+5HAw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/PXwaGSnE2INHIoQp1vqBjwZDAyU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 22:36:04 -0000

On Wed, Apr 01, 2015 at 07:48:36PM -0500, Nico Williams wrote:
> 
> It would be easier to specify the inputs to the cartesian product.
> 
> It would be better to also negotiate (cipher+mode), (hash), (KDF), and
> (key agreement+server authentication) separately.

I've been wondering about getting rid of the ciphers as we know it
now and that maybe each of the components should instead have it's
own extension.


Kurt