Re: [TLS] Does anyone still want dh_rsa and dh_dss?
Dan Brown <dbrown@certicom.com> Thu, 26 June 2014 18:10 UTC
Return-Path: <dbrown@certicom.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 371911B2CBC for <tls@ietfa.amsl.com>; Thu, 26 Jun 2014 11:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ArzLw4YWuSVq for <tls@ietfa.amsl.com>; Thu, 26 Jun 2014 11:10:17 -0700 (PDT)
Received: from smtp-p02.blackberry.com (smtp-p02.blackberry.com [208.65.78.89]) by ietfa.amsl.com (Postfix) with ESMTP id 21D811B2DC1 for <tls@ietf.org>; Thu, 26 Jun 2014 10:54:05 -0700 (PDT)
Received: from xct101cnc.rim.net ([10.65.161.201]) by mhs214cnc.rim.net with ESMTP/TLS/AES128-SHA; 26 Jun 2014 13:54:03 -0400
Received: from XMB116CNC.rim.net ([fe80::45d:f4fe:6277:5d1b]) by XCT101CNC.rim.net ([fe80::9c22:d9c:c906:c488%16]) with mapi id 14.03.0174.001; Thu, 26 Jun 2014 13:54:01 -0400
From: Dan Brown <dbrown@certicom.com>
To: "'ekr@rtfm.com'" <ekr@rtfm.com>, "'tls@ietf.org'" <tls@ietf.org>
Thread-Topic: [TLS] Does anyone still want dh_rsa and dh_dss?
Thread-Index: AQHPkVv4Ug/SyRRqGUmFANIGryOLJpuDqTCw
Date: Thu, 26 Jun 2014 17:54:01 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF5CAA8F2@XMB116CNC.rim.net>
References: <CABcZeBMcG3ppe-Z0vgJTBMCf+kNwrzsHzv9-O2Wre0DAT8TF8Q@mail.gmail.com>
In-Reply-To: <CABcZeBMcG3ppe-Z0vgJTBMCf+kNwrzsHzv9-O2Wre0DAT8TF8Q@mail.gmail.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.160.249]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00F8_01CF9146.15A951B0"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/h1nvbBPdK7KGa6LuE8ERvBY2uAU
Subject: Re: [TLS] Does anyone still want dh_rsa and dh_dss?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 18:10:19 -0000
>From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla > > It seems like the arguments for removing static >RSA apply even more strongly here. I agree in that client auth + static DH is weaker than client auth + static RSA, because the former is vulnerable to key-compromise impersonation (KCI). I mentioned KCI a while back on this list, but forgot to add that it depends on client auth.
- [TLS] Does anyone still want dh_rsa and dh_dss? Eric Rescorla
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Yoav Nir
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Adam Langley
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Dan Brown
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Michael StJohns
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Eric Rescorla
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Watson Ladd
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Bodo Moeller
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Steve Checkoway
- Re: [TLS] Does anyone still want dh_rsa and dh_ds… Juho Vähä-Herttua