Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 14 April 2015 04:01 UTC

Date: Tue, 14 Apr 2015 04:01:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150414040106.GF17637@mournblade.imrryr.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/R6zb5EQrjIT0sFIqH-WsWa3l3j4>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die

On Tue, Apr 14, 2015 at 03:06:23AM +0000, Salz, Rich wrote:

> > Here's one (granted, contrived) policy:
> 
> Or, say, you're hosting those kinds of organizations.
> 
> Not contrived at all.

It suffices for clients to not offer building blocks they don't
implement.  If servers choose to "bundle" certain algorithms, that's
fine, so long as clients don't object to what they get.

Picky clients can offer a smaller cross-product.  Suite-B restrictions
IIRC are triggered in part by certificate content, which in turn
is selected via SNI.

I am sure we can find corner cases where legacy TLS implementations,
warts and all, needed various exclusions.  If TLS 1.3 clients can
only express cross-product suites, servers may be able to pick up
the slack as appropriate.

We need to be sure that the objections are really future requirements
for 1.3, rather than work-arounds for legacy 1.2 and older stacks
whose defects are not expected to be carried forward into 1.3.

That said, finally we're finding plausible cases in which ala carte
is less flexible.  Are these sufficiently compelling?

-- 
	Viktor.
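
Added illustration, not part of the original message: a small Python model of the trade-off discussed above, in which a client advertises per-dimension building-block lists and the implied cross-product can admit a combination that a suite-list policy left out. The policy, the dimension names and every function name are constructed for this example.

```python
from itertools import product

# Building-block dimensions of a suite, in tuple order (illustrative names).
DIMS = ("kex", "auth", "aead")

# Constructed policy: ECDSA certificates are only acceptable with AES256-GCM.
POLICY = {
    ("ECDHE", "ECDSA", "AES256-GCM"),
    ("ECDHE", "RSA", "AES128-GCM"),
    ("ECDHE", "RSA", "AES256-GCM"),
}

def projections(policy):
    """Per-dimension lists a client must advertise to cover every suite in policy."""
    return [sorted({suite[i] for suite in policy}) for i in range(len(DIMS))]

def overreach(policy):
    """Combinations implied by the a la carte offer that the policy never allowed."""
    return sorted(set(product(*projections(policy))) - set(policy))

def picky_offer(policy, drop):
    """Omit the blocks in `drop`; return the smaller offer and whether its
    cross-product now stays inside the policy."""
    offer = [[b for b in dim if b not in drop] for dim in projections(policy)]
    return offer, set(product(*offer)) <= set(policy)

def server_select(offer, server_bundles):
    """Server side: pick the first preferred bundle whose every block was offered.
    A server that only configures in-policy bundles never lands on the overreach."""
    for suite in server_bundles:
        if all(block in offered for block, offered in zip(suite, offer)):
            return suite
    return None

if __name__ == "__main__":
    print("offer:", projections(POLICY))
    print("admitted but not in policy:", overreach(POLICY))
    print("picky offer:", picky_offer(POLICY, {"AES128-GCM"}))
    print("server picks:", server_select(projections(POLICY),
                                         [("ECDHE", "ECDSA", "AES256-GCM")]))
```
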