Re: [TLS] I-D Action: draft-ietf-tls-rfc4492bis-00.txt

Henrick Hellström <henrick@streamsec.se> Tue, 02 December 2014 17:06 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/TsoxbwdIo8AGz4xvoOvOghohw_c

On 2014-12-02 15:34, Manuel Pégourié-Gonnard wrote:
> I think this is not a problem since the text is about server _implementations_
> not actual server deployment.

Well, it is a problem if the standard allows fully conformant clients to
only support cipher suites that require the server to choose RSA
certificates, because that rules out conformant servers being deployed
with only EC certificates.


> I'm more concerned about the choice of ECDH as opposed to ECDHE for the first
> two ciphersuites.

Good point.