Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Brian Smith <brian@briansmith.org> Tue, 14 April 2015 00:46 UTC

In-Reply-To: <20150414003658.GB17637@mournblade.imrryr.org>
References: <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <CABkgnnXoBmSfoK5Ht5x7jqf3zGB-mDntcVRMVzKgr2wfsixgNg@mail.gmail.com> <m2r3rnzqfi.fsf@localhost.localdomain> <AAC2BF7D-C528-42A0-8BAD-74CA451DAEBE@gmail.com> <m2mw2bzkkk.fsf@localhost.localdomain> <20150414003658.GB17637@mournblade.imrryr.org>
Date: Mon, 13 Apr 2015 14:46:06 -1000
Message-ID: <CAFewVt6reXUOZ+dg6Hvy72XisJLQkGb-TSgL4YSbfRVxoa8NPQ@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/fQbQ6ts6g7feFl0z9TODCoRUJJ0>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> So a key question is whether policies that rule out various corners
> of the product space are legitimately required???

One example: Firefox intentionally enabled
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 without enabling the TLS_RSA_*
or TLS_DHE_* variants, partly to encourage people to move away from
TLS_DHE and especially TLS_RSA key exchange, and partly because of
security concerns regarding TLS_DHE and TLS_RSA key exchange. It
wasn't able to disable all TLS_DHE_* and TLS_RSA_* cipher suites for
compatibility reasons.

TLS_RSA_* cipher suites won't be allowed in TLS 1.3 and later, but I
think the need to be able to support only a subset of the cross
product of all options will remain going forward as attacks against
current (TLS 1.3 approved) algorithms improve and as replacements for
current algorithms are developed.

Cheers,
Brian
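The point of the message above is that a client policy is a *subset* of the key-exchange × authentication × record-protection cross product, not a product of per-component choices, so an "à la carte" advertisement that lists each component separately cannot express it. The following Python is an added illustration, not code from Brian Smith, Firefox or the IETF thread. It models the Firefox behaviour the message describes (AES-GCM only with ECDHE; CBC suites with DHE or static RSA kept for compatibility) as a constructed policy, then shows that a server seeing only component lists can legitimately pick a combination the explicit suite list would never have offered. Component labels and the `LEGACY_RSA_SERVER` preference list are constructed for the example, and the `valid_combination` filter is an assumption approximating which pairings TLS 1.2 actually defines.

```python
"""Cipher-suite policy as a subset of the component cross product (added example)."""
from itertools import product

# Illustrative component labels (names only, not IANA code points).
KEY_EXCHANGE = ("ECDHE", "DHE", "RSA")
AUTHENTICATION = ("ECDSA", "RSA")
RECORD_PROTECTION = ("AES_128_GCM_SHA256", "AES_128_CBC_SHA")


def valid_combination(kex, auth, cipher):
    """Drop pairings TLS 1.2 never defined (assumption approximating the
    IANA registry): static RSA key exchange authenticates with the RSA
    certificate itself, and the DHE suites here pair only with RSA."""
    if kex in ("RSA", "DHE"):
        return auth == "RSA"
    return True


def suite_name(kex, auth, cipher):
    """Spell a combination the way TLS 1.2 cipher suite names do."""
    if kex == "RSA":
        return f"TLS_RSA_WITH_{cipher}"
    return f"TLS_{kex}_{auth}_WITH_{cipher}"


def product_space(kex_list, auth_list, cipher_list):
    """Every suite an a la carte advertisement of these component lists
    implicitly offers: the full cross product minus undefined pairings."""
    return {suite_name(k, a, c)
            for k, a, c in product(kex_list, auth_list, cipher_list)
            if valid_combination(k, a, c)}


def policy_allows(kex, auth, cipher):
    """Constructed policy modelled on the Firefox behaviour in the message:
    AES-GCM only with ECDHE, legacy CBC suites with DHE or static RSA kept."""
    if cipher == "AES_128_GCM_SHA256":
        return kex == "ECDHE"
    return True


def enabled_combinations():
    """(kex, auth, cipher) triples the policy-aware client enables."""
    return {(k, a, c)
            for k, a, c in product(KEY_EXCHANGE, AUTHENTICATION, RECORD_PROTECTION)
            if valid_combination(k, a, c) and policy_allows(k, a, c)}


def enabled_suites():
    """The explicit suite list such a client actually sends."""
    return {suite_name(*combo) for combo in enabled_combinations()}


def advertised_components(combos):
    """What an a la carte client would advertise instead: each component that
    appears in at least one enabled suite. The pairing structure is lost."""
    return ({k for k, _, _ in combos}, {a for _, a, _ in combos}, {c for _, _, c in combos})


def negotiate_explicit(client_suites, server_preference):
    """TLS 1.2 style: server walks its preference list, picks the first suite
    the client listed."""
    for kex, auth, cipher in server_preference:
        if suite_name(kex, auth, cipher) in client_suites:
            return suite_name(kex, auth, cipher)
    return None


def negotiate_a_la_carte(client_components, server_preference):
    """A la carte style: the server sees only per-component sets, so any
    combination of advertised components looks acceptable."""
    kex_ok, auth_ok, cipher_ok = client_components
    for kex, auth, cipher in server_preference:
        if kex in kex_ok and auth in auth_ok and cipher in cipher_ok:
            return suite_name(kex, auth, cipher)
    return None


# Constructed server: RSA certificate, no ECDHE support, prefers GCM over CBC.
LEGACY_RSA_SERVER = [
    ("RSA", "RSA", "AES_128_GCM_SHA256"),
    ("RSA", "RSA", "AES_128_CBC_SHA"),
]


def compare_outcomes(server_preference=LEGACY_RSA_SERVER):
    """Suite chosen under each negotiation model for the same client policy."""
    combos = enabled_combinations()
    explicit = negotiate_explicit({suite_name(*c) for c in combos}, server_preference)
    alacarte = negotiate_a_la_carte(advertised_components(combos), server_preference)
    return explicit, alacarte


def policy_gap():
    """Suites the a la carte advertisement offers but the policy rules out."""
    combos = enabled_combinations()
    return sorted(product_space(*advertised_components(combos)) - enabled_suites())


if __name__ == "__main__":
    explicit, alacarte = compare_outcomes()
    print("explicit suite list negotiates:", explicit)
    print("a la carte components negotiate:", alacarte)
    print("corners of the product space the policy excludes:", policy_gap())
```

With the explicit list the legacy server lands on `TLS_RSA_WITH_AES_128_CBC_SHA`, the compatibility fallback the policy deliberately left on; with component lists alone it picks `TLS_RSA_WITH_AES_128_GCM_SHA256`, a suite the client never enabled. `policy_gap()` enumerates exactly those excluded corners, which is the check a reviewer of an à la carte proposal would want: if it is non-empty for a realistic policy, the scheme needs a way to carry pairing constraints, not just component lists.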