[TLS] Deprecating Static DH certificates in the obsolete key exchange document

Joseph Salowey <joe@salowey.net> Mon, 15 April 2024 18:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QR4o-JF4pq4KoyaYN2PWT1ChXYU>

At IETF 119 we had a discussion that static DH certificates lead to static
key exchange which is undesirable.  Although the current draft deprecates
static DH ciphersuites, it seems that RFC 5246 allows the client to provide
a certificate with a static DH keypair to provide static parameters in
(EC)DHE in TLS 1.2 (I don't know of any implementations that do this).

Should the draft deprecate these ClientCertificateTypes and mark the
entries (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) as
'D' discouraged?

Please respond with any comments on this proposal by April 30, 2024.

Thanks,

Sean, Deirdre and Joe
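
An added example, not part of the message above: an audit check that parses a TLS 1.2 CertificateRequest handshake message and reports whether the server asked for any of the four fixed (EC)DH ClientCertificateTypes named in the proposal. The code points are the ones registered by RFC 5246 and RFC 8422; the function names and the sample message are constructed for illustration.

```python
# ClientCertificateType code points (RFC 5246 section 7.4.4, RFC 8422 section 5.5).
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh",
              64: "ecdsa_sign", 65: "rsa_fixed_ecdh", 66: "ecdsa_fixed_ecdh"}
# The four entries the message proposes to mark 'D'.
FIXED_DH = {"rsa_fixed_dh", "dss_fixed_dh", "rsa_fixed_ecdh", "ecdsa_fixed_ecdh"}
CERTIFICATE_REQUEST = 13  # HandshakeType value for certificate_request


def parse_certificate_types(handshake: bytes) -> list[str]:
    """Return the certificate_types names from a TLS 1.2 CertificateRequest."""
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    msg_type = handshake[0]
    length = int.from_bytes(handshake[1:4], "big")  # uint24 body length
    if msg_type != CERTIFICATE_REQUEST:
        raise ValueError(f"not a CertificateRequest (type {msg_type})")
    body = handshake[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake body")
    # certificate_types<1..2^8-1>: one length byte, then one byte per entry.
    count = body[0] if body else 0
    if count == 0 or 1 + count > len(body):
        raise ValueError("bad certificate_types length")
    return [CERT_TYPES.get(b, f"unknown({b})") for b in body[1:1 + count]]


def fixed_dh_types(handshake: bytes) -> list[str]:
    """Names of static (EC)DH client certificate types the server asked for."""
    return [n for n in parse_certificate_types(handshake) if n in FIXED_DH]


def build_sample(types: bytes) -> bytes:
    """Constructed CertificateRequest: given types, one signature algorithm, no CAs."""
    sig_algs = bytes([0x04, 0x01])  # SignatureAndHashAlgorithm {sha256, rsa}
    body = (bytes([len(types)]) + types
            + len(sig_algs).to_bytes(2, "big") + sig_algs
            + (0).to_bytes(2, "big"))  # empty certificate_authorities
    return bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    sample = build_sample(bytes([1, 64, 3, 66]))  # constructed input
    print("requested:", parse_certificate_types(sample))
    print("static DH types requested:", fixed_dh_types(sample))
```
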