Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 08 April 2015 03:00 UTC

Date: Wed, 8 Apr 2015 03:00:54 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150408030054.GI17637@mournblade.imrryr.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/fB0gLGGbA76Xy0saO1Ib_qjW6Bs>

On Tue, Apr 07, 2015 at 07:25:34PM -0400, Brian Sniffen wrote:

> Lots of them, and terrible mistakes.  For example, the OpenSSL
> configuration language encourages selections like:
> 
> HIGH
> TLSv1:SSLv3:-EDH:-ADH:-NULL:@STRENGTH
> TLSv1:SSLv3:HIGH:-SSLv2:-MEDIUM:-LOW

The problem is that this attempts to mix choices along multiple
axes into a single list.  Very few people understand this oranges
and apples interface.

If each setting just expressed preferences along a single axis,
the interface would be much simpler.

This is why the wire format should avoid combining independent
choices; that way the user's preferences for any given apples to
apples comparison can be expressed without change on the wire.

Otherwise one has to make trade-offs that try to decide whether
ECDHE with AES128 is better than DHE with AES256?  And similar
imponderables.

So I would go further and urge a full decomposition, not just
handshake vs. bulk crypto.

-- 
	Viktor.
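
The following is an added example, not part of the original message or of any TLS specification. It models the argument above: with one preference list per axis, negotiation is a first-match on each axis, while flattening the same preferences into a single suite list leaves some pairs (here ECDHE with AES128 versus DHE with AES256) unordered. The axis names, the sample preferences and all function names are assumptions made for illustration.

```python
from itertools import combinations, product

# Constructed sample data: one ordered list per axis, most preferred first.
CLIENT_PREFS = {
    "kex": ["ECDHE", "DHE"],
    "cipher": ["AES256", "AES128"],
}
# Constructed sample data: what the peer supports on each axis.
SERVER_OFFERS = {
    "kex": {"ECDHE", "DHE"},
    "cipher": {"AES128", "AES256"},
}


def negotiate_per_axis(prefs, offered):
    """Pick the first mutually supported value on each axis independently."""
    chosen = {}
    for axis, ordered in prefs.items():
        match = next((v for v in ordered if v in offered.get(axis, ())), None)
        if match is None:
            raise ValueError(f"no common choice on axis {axis!r}")
        chosen[axis] = match
    return chosen


def dominates(a, b, prefs):
    """True if combination a is at least as preferred as b on every axis."""
    return all(
        prefs[axis].index(x) <= prefs[axis].index(y)
        for axis, x, y in zip(prefs, a, b)
    )


def incomparable_pairs(prefs):
    """Combinations that the per-axis preferences alone cannot rank.

    A single combined suite list has to order these pairs anyway, which is
    the trade-off a per-axis interface never asks the operator to make.
    """
    suites = list(product(*prefs.values()))
    return [
        (a, b)
        for a, b in combinations(suites, 2)
        if not dominates(a, b, prefs) and not dominates(b, a, prefs)
    ]


if __name__ == "__main__":
    print("per-axis result:", negotiate_per_axis(CLIENT_PREFS, SERVER_OFFERS))
    print("unordered in a combined list:", incomparable_pairs(CLIENT_PREFS))
```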