Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Tony Arcieri <bascule@gmail.com> Tue, 07 April 2015 06:18 UTC

To: Brian Smith <brian@briansmith.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/XmIWLFkUP-tMduy76j9A8MvzFjM>
Cc: "<tls@ietf.org>" <tls@ietf.org>

On Mon, Apr 6, 2015 at 10:51 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:

> This is about UI, not about wire format.
>

On Mon, Apr 6, 2015 at 11:09 PM, Brian Smith <brian@briansmith.org> wrote:

> As far as I understand, that problem doesn't have much to do with the
> syntax of cipher suites in the ClientHello, because that problem is
> about describing to your web server software which cipher suites to
> enable on the server.


I think some are trying to argue that the problem is deeper than just the
user interface, but you're both correct in saying that's where the problem
starts.

-- 
Tony Arcieri