Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
Nico Williams <nico@cryptonector.com> Thu, 13 March 2014 05:02 UTC
In-Reply-To: <532024EF.4060607@polarssl.org>
References: <CAK3OfOgw70LVQsykxNZSH9+4Dn2inBTx0q0KrvujS1LOY1i9tg@mail.gmail.com> <532024EF.4060607@polarssl.org>
Date: Thu, 13 Mar 2014 00:02:18 -0500
Message-ID: <CAK3OfOiyVqett-bQ4Eta3MLFQSVkR_z2qPRow7C2bNxCoSNxbQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Manuel Pégourié-Gonnard <mpg@polarssl.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/S6wb5wD72qR0V4FcuHLDcgo_GdU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Wed, Mar 12, 2014 at 4:12 AM, Manuel Pégourié-Gonnard <mpg@polarssl.org> wrote:
> On 03/11/2014 11:49 PM, Nico Williams wrote:
>> This is a big problem for anything that wants to do opportunistic TLS
>> (e.g., MTAs, like Postfix).
>>
> Sorry if I'm missing something obvious, but why would ECDH_anon be a requirement
> for opportunistic TLS? Can't we just use certificates and not validate them?
>
> Or are you rather interested in the performance gain of ECDH_anon over
> authenticated and forward-secure key exchanges?

Just because a client and server negotiated an anon ciphersuite does
NOT mean that they won't authenticate each other. For example:

 - the client might initiate renegotiation to send an SNI and get an
   appropriate server certificate,

 - or the client might use application-layer authentication with
   channel binding.

Or maybe not authenticating each other is fine and then -yes- ECDH
performance will be appealing.

In the SMTP case when there's no TLSA RRs in the DNS for the server and
the server has no certificates, the client may prefer to use anon
DH/ECDH. Considering that e-mail has historically had very poor privacy
protection, that would be a huge step up.

But today an SMTP client can't get high-performance ECDH and AEAD ciphers :(

Nico
--
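
The SMTP policy described in the message above, worked through as an added example (not part of the original post and not code from Postfix or any other MTA). The suite names are real registry entries from RFC 4492, RFC 5288 and RFC 5289, but the table is a constructed subset, and `client_offer`, `negotiate` and the assumption that the server honours the client's preference order are hypothetical.

```python
# Constructed subset of the TLS cipher suite registry as it stood at the time
# of the thread: name -> (key exchange, is the cipher an AEAD?)
SUITES = {
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA":      ("ECDH_anon", False),   # RFC 4492
    "TLS_ECDH_anon_WITH_AES_256_CBC_SHA":      ("ECDH_anon", False),   # RFC 4492
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256":     ("DH_anon", True),      # RFC 5288
    "TLS_DH_anon_WITH_AES_256_GCM_SHA384":     ("DH_anon", True),      # RFC 5288
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   ("ECDHE_RSA", True),    # RFC 5289
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": ("ECDHE_ECDSA", True),  # RFC 5289
}

def is_anon(suite):
    return SUITES[suite][0].endswith("_anon")

def is_aead(suite):
    return SUITES[suite][1]

def is_ec(suite):
    return SUITES[suite][0].startswith("ECDH")

def client_offer(has_tlsa):
    """Hypothetical opportunistic SMTP client policy.

    TLSA records published: the server can be authenticated, so anon suites
    are never offered. No TLSA records: nothing to validate against, so anon
    suites are offered first, preferring AEAD and then elliptic-curve DH.
    """
    if has_tlsa:
        return [s for s in SUITES if not is_anon(s)]
    return sorted(SUITES, key=lambda s: (not is_anon(s), not is_aead(s), not is_ec(s)))

def negotiate(offer, server_supported):
    """Assumption: the server picks the client's first mutually supported suite."""
    return next((s for s in offer if s in server_supported), None)

def ecdh_anon_aead():
    """The combination the thread subject says is missing from the registry."""
    return [s for s in SUITES if SUITES[s][0] == "ECDH_anon" and is_aead(s)]

# Constructed server: no certificate configured, so only anon suites are usable.
CERTLESS_SERVER = {s for s in SUITES if is_anon(s)}

if __name__ == "__main__":
    print("no TLSA :", negotiate(client_offer(False), CERTLESS_SERVER))
    print("TLSA    :", negotiate(client_offer(True), CERTLESS_SERVER))
    print("ECDH_anon + AEAD suites:", ecdh_anon_aead())
```

Against the certificate-less server the client has to choose between finite-field DH with GCM and ECDH with CBC, which is the gap the message complains about; when TLSA records are present the same server yields no common suite because the client insists on authentication.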