[TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Wed, 26 March 2014 18:43 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id DF93E1A03A0 for <tls@ietfa.amsl.com>; Wed, 26 Mar 2014 11:43:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.511
X-Spam-Status: No, score=-9.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id vHKhnKPgt9-G for <tls@ietfa.amsl.com>; Wed, 26 Mar 2014 11:43:26 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com []) by ietfa.amsl.com (Postfix) with ESMTP id 790311A038B for <tls@ietf.org>; Wed, 26 Mar 2014 11:43:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=704; q=dns/txt; s=iport; t=1395859400; x=1397069000; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=cBqW6H3BDwbKcz1uWGhvIORKR3xe8h6n8QOZZ7OLcFQ=; b=j2YsuFKOBKd2np+0jY6S3PFn2740gb+lYyaMgL9pTcJtTLrr1gvfMGec gK7kQLDIqSxdBrRiHA7ya7RheCfMfGbglqiD+iqvtnomygXo0HSJXM4sT nOHpUQdngsJoiZbzcIGYNNvqobJKWGW+b2we8MeMRZ2QPSZjImrCCTuXB w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnsFAEQfM1OtJXG9/2dsb2JhbABZgwaBEsQSFnSCLDpRAT5CJwSIDJ8ZsWwXjg6EDoEUBJhNkjODLoIr
X-IronPort-AV: E=Sophos;i="4.97,737,1389744000"; d="scan'208";a="30598729"
Received: from rcdn-core2-2.cisco.com ([]) by alln-iport-1.cisco.com with ESMTP; 26 Mar 2014 18:43:19 +0000
Received: from xhc-aln-x12.cisco.com (xhc-aln-x12.cisco.com []) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id s2QIhJF4006072 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <tls@ietf.org>; Wed, 26 Mar 2014 18:43:19 GMT
Received: from xmb-rcd-x09.cisco.com ([]) by xhc-aln-x12.cisco.com ([]) with mapi id 14.03.0123.003; Wed, 26 Mar 2014 13:43:19 -0500
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Confirming Consensus on removing RSA key Transport from TLS 1.3
Thread-Index: AQHPSSNBHMLaOP6B/EejoHSZ5uWtRg==
Date: Wed, 26 Mar 2014 18:43:18 +0000
Message-ID: <AD51D38F-2CFE-4277-854D-C0E56292A336@cisco.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3303029BC3BA0B41926C1DFE594B5C00@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/f7WVUwsTe5ACGhIPxXe3BSlvI3M
Subject: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Mar 2014 18:43:28 -0000

TLS has had cipher suites based on RSA key transport (aka "static RSA", TLS_RSA_WITH_*) since the days of SSL 2.0.   These cipher suites have several drawbacks including lack of PFS, pre-master secret contributed only by the client, and the general weakening of RSA over time.  It would make the security analysis simpler to remove this option from TLS 1.3.  RSA certificates would still be allowed, but the key establishment would be via DHE or ECDHE.  The consensus in the room at IETF-89 was to remove RSA key transport from TLS 1.3.  If you have concerns about this decision please respond on the TLS list by April 11, 2014.


[Speaking for the TLS chairs]