Re: [TLS] I-D Action: draft-ietf-tls-rfc4492bis-00.txt

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 02 December 2014 17:41 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FECB1A1EEA for <tls@ietfa.amsl.com>; Tue, 2 Dec 2014 09:41:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_71=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cIOApGVL3ISM for <tls@ietfa.amsl.com>; Tue, 2 Dec 2014 09:41:18 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC0881A6FBB for <tls@ietf.org>; Tue, 2 Dec 2014 09:40:34 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 7458A282FD0; Tue, 2 Dec 2014 17:40:33 +0000 (UTC)
Date: Tue, 02 Dec 2014 17:40:33 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20141202174033.GW285@mournblade.imrryr.org>
References: <20141202132629.8023.24760.idtracker@ietfa.amsl.com> <547DC339.80800@streamsec.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <547DC339.80800@streamsec.se>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_etXW0RypDFAH2g-LxSPogVCLW4
Subject: Re: [TLS] I-D Action: draft-ietf-tls-rfc4492bis-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 17:41:19 -0000

On Tue, Dec 02, 2014 at 02:48:41PM +0100, Henrick Hellstr?m wrote:

>    Server implementations SHOULD support all of the following cipher
>    suites, and client implementations SHOULD support at least one of
>    them:
> 
>    o  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
>    o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
>    o  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
>    o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.
> 
> Isn't this recommendation problematic? I don't think it is very common for
> servers to have more than one certificate, and a server can't support all
> four of these cipher suites, unless it has both one RSA certificate and one
> EC certificate.

Given the far from universal support for ECDSA by clients, a server
that wants to use ECDSA when possible, but still wants to interoperate
with more than just a select few clients really SHOULD have both
ECDSA and RSA certificates.

The main reason it is not common for servers to have more than one
certificate is that generally they have only RSA certificates,
which have (practically) universal support.

For what it is worth, Postfix (via OpenSSL) supports simultaneous
deployment of both RSA and ECDSA keys/certs.  In the near to medium
term, any server that wants to deploy ECDSA should also deploy RSA,
to avoid interoperability issues with a sizeable fraction of clients.

-- 
	Viktor.