Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3

Eric Rescorla <ekr@rtfm.com> Mon, 05 May 2014 17:49 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 741291A041E for <tls@ietfa.amsl.com>; Mon, 5 May 2014 10:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y4NySKGe4Saq for <tls@ietfa.amsl.com>; Mon, 5 May 2014 10:49:35 -0700 (PDT)
Received: from mail-wg0-f46.google.com (mail-wg0-f46.google.com [74.125.82.46]) by ietfa.amsl.com (Postfix) with ESMTP id 669C81A041C for <tls@ietf.org>; Mon, 5 May 2014 10:49:35 -0700 (PDT)
Received: by mail-wg0-f46.google.com with SMTP id n12so5956271wgh.5 for <tls@ietf.org>; Mon, 05 May 2014 10:49:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=QmcU4O4AGZtnGbOOJlrgfCLBwxzQH2YjOC5HWCWulKI=; b=ezMF5ywZ2s6y/XMCwjuCMVfBCqDPsVSADhvsdSvetwg02YSZSbJXSzmj317r0gymJ/ sF8yGtjq0TxBMf9/7KXZpsenX1uhVcEfMJ4MUjYF4Q5+3jVFRKguqIvfM/GVTuPdAszL 5NYPoY5rnmT7Phx87tr/BKRXm3abE4dr3EXtKesqdwprE2SSJoy28HidXYHnHc85zrk/ 7IcSteeipe0hUCr/chuENyTzZrsJIa0PW7r5kK4DgjTiYifH9eQPQ82WYM6azYaAd4I3 68OOqtKH0kfnQ53RyHR83KZCF/VCl9C5bGp2Fd8WePZKn7h4I01i/A7/6Ct7K/K49QNW R7lA==
X-Gm-Message-State: ALoCoQkBTCWja/ckcBf1g75bWdQcBf4qf+rvkkQ4Z1KBbqwWlalFKpv1BFmWqCZEoY1yF3cHRz2A
X-Received: by 10.194.187.107 with SMTP id fr11mr2857955wjc.70.1399312171520; Mon, 05 May 2014 10:49:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Mon, 5 May 2014 10:48:51 -0700 (PDT)
X-Originating-IP: [63.245.221.34]
In-Reply-To: <20140505174614.GA26839@roeckx.be>
References: <AD51D38F-2CFE-4277-854D-C0E56292A336@cisco.com> <277ABA2E-FA8C-4927-9522-06E8907C28EB@cisco.com> <CABcZeBOb-ym7+TrRmfasuyJJ6BVNbQB96jqqBOGZr+YPG-NBWA@mail.gmail.com> <1399274903.2312.6.camel@dhcp-2-127.brq.redhat.com> <20140505170029.GA24821@roeckx.be> <CABcZeBO_Yg+2UyvvDt7ah0gH7RFadAVt64M1ui1ok0+zNyg=iw@mail.gmail.com> <20140505174614.GA26839@roeckx.be>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 5 May 2014 10:48:51 -0700
Message-ID: <CABcZeBNNGYJQLS23iS1M5Jn8GNDmOQz-+VYGUK30P0i7pqpzLw@mail.gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Content-Type: multipart/alternative; boundary=047d7bb03f60e9e18904f8aac0af
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/VhE6pe_I9FMp4ks1QW2l355JEnA
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 17:49:38 -0000

On Mon, May 5, 2014 at 10:46 AM, Kurt Roeckx <kurt@roeckx.be> wrote:

> On Mon, May 05, 2014 at 10:23:37AM -0700, Eric Rescorla wrote:
> > You're probably thinking of:
> > http://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe-02
> >
> > This seems like a reasonable kind of thing for the WG to
> > consider, but my impression was that the WG consensus
> > was to remove static RSA unconditionally. Certainly, it would
> > be reasonable to argue that we should address this issue prior
> > to final publication, however.
>
> I'm not sure what you mean with "static RSA".  It's my
> understanding that this proposal is about removing the RSA key
> exchange and only using something like DHE and ECDHE.


Correct. I mean "RSA key exchange". My point was that my impression of
WG consensus was that we were to remove RSA key exchange regardless
of the fate of Daniel's draft.



>  That draft
> would still be valid and useful if RSA key exchanges are dropped.


Yes, I agree. I'm merely saying that I don't think it's a precondition to
merging this pull request.

-Ekr


>
>
> Kurt
>
>