Re: [TLS] Should we support static RSA in TLS 1.3?
Peter Gutmann <p.gutmann@auckland.ac.nz> Tue, 26 November 2013 23:21 UTC
Return-Path: <p.gutmann@auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF97C1AE04A for <tls@ietfa.amsl.com>; Tue, 26 Nov 2013 15:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkV7l80Z3H01 for <tls@ietfa.amsl.com>; Tue, 26 Nov 2013 15:21:23 -0800 (PST)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) by ietfa.amsl.com (Postfix) with ESMTP id 58D5E1AE052 for <tls@ietf.org>; Tue, 26 Nov 2013 15:21:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1385508083; x=1417044083; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=KmGy/0Leyo0yuEfrd5ymS4YJBw7UD6mxDQxeccQXjng=; b=SV14emqAtGaM+l0A9kVdlaqC6krusX7z1ndtGNHslvQwRQ9I57raWY68 X6yZinS510vmbdiICeE+m6xQBFj2e2lnG6bAuM6vRJE6pds1jqZUlzX/G ZuJ9oP82yYAOqwfDheGbVVsBEpBok+qHVgRBCDL8GD0MhwJnN077fZaD2 8=;
X-IronPort-AV: E=Sophos;i="4.93,778,1378814400"; d="scan'208";a="224227773"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 27 Nov 2013 12:21:20 +1300
Received: from UXCN10-TDC06.UoA.auckland.ac.nz ([169.254.11.216]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0158.001; Wed, 27 Nov 2013 12:21:19 +1300
From: Peter Gutmann <p.gutmann@auckland.ac.nz>
To: Phillip Hallam-Baker <hallam@gmail.com>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Should we support static RSA in TLS 1.3?
Thread-Index: Ac7q/jW+EoVJ3ZD2RM+RRywywwkWPA==
Date: Tue, 26 Nov 2013 23:21:18 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C736541CBEF@uxcn10-tdc06.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] Should we support static RSA in TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 23:21:28 -0000
Phillip Hallam-Baker <hallam@gmail.com> writes: >The goal here is not so much forward secrecy as to increase the work factor >for an attacker. We have been considering short lived certs as a mechanism >for addressing the revocation issue for some time. Generating a new cert with >a different key each time does not increase the effort a great deal if it is >thought about at the start. There's been an RFC draft for this around pretty much forever, specifically: Some years ago I proposed a simple extension to X.509 to allow users to issue their own encryption certificates which they could renew and roll over as required. This means that it's no longer necessary to ask a CA for permission to encrypt data, keys can be rolled over regularly at no cost, and if a key is compromised it can be quickly replaced. This proposal was rejected by the PKIX working group with the comment that "we don't want to turn X.509 into PGP". http://www.cs.auckland.ac.nz/~pgut001/pubs/autonomous.txt So it's pretty straightforward to do, the only thing is that it couldn't be done by the PKIX working group, or whatever undead zombie form it's currently continuing as. Peter.
- [TLS] Should we support static RSA in TLS 1.3? Eric Rescorla
- Re: [TLS] Should we support static RSA in TLS 1.3? Phillip Hallam-Baker
- Re: [TLS] Should we support static RSA in TLS 1.3? Geoffrey Keating
- Re: [TLS] Should we support static RSA in TLS 1.3? Watson Ladd
- Re: [TLS] Should we support static RSA in TLS 1.3? Eric Rescorla
- Re: [TLS] Should we support static RSA in TLS 1.3? Watson Ladd
- Re: [TLS] Should we support static RSA in TLS 1.3? Eric Rescorla
- Re: [TLS] Should we support static RSA in TLS 1.3? Eric Rescorla
- Re: [TLS] Should we support static RSA in TLS 1.3? Manuel Pégourié-Gonnard
- Re: [TLS] Should we support static RSA in TLS 1.3? Andy Lutomirski
- Re: [TLS] Should we support static RSA in TLS 1.3? Geoffrey Keating
- Re: [TLS] Should we support static RSA in TLS 1.3? Andy Lutomirski
- Re: [TLS] Should we support static RSA in TLS 1.3? Phillip Hallam-Baker
- Re: [TLS] Should we support static RSA in TLS 1.3? Marsh Ray
- Re: [TLS] Should we support static RSA in TLS 1.3? Peter Gutmann