[TLS] Deprecating FFDHE + RSA Key Exchange
Nimrod Aviram <nimrod.aviram@gmail.com> Tue, 06 April 2021 09:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XVuFzKyGr0b0y1HaqsnETPDnDD4>

Dear all,

Following the discussion around draft-bartle-tls-deprecate-ffdhe, what are your thoughts on deprecating RSA key exchange, and Finite-Field Diffie-Hellman? (This would probably happen in a separate document.)

Considering the following different areas/use cases:

1. On the open Internet/web, both key exchange methods have been superseded by ECDH. Browser support for FFDHE has been entirely removed IIUC, so formally deprecating FFDHE should not be a problem (right?). Are there any reasons to avoid deprecating FFDHE and RSA on the open Internet?

2. On local networks, deprecating both key exchange methods may leave some endpoints without any key exchange algorithms. Could you please give feedback on the following:
   a. Is the number of such endpoints large enough that we shouldn’t deprecate these methods?
   b. If the answer to the above is yes, what would be a good plan/timeline to deprecate them?

We could also consider limiting FFDHE to well-known groups of at least 2048 bits, with fully ephemeral secrets. But this would likely cause enough interoperability problems that we might as well deprecate it fully, right?

thanks,
Nimrod