Re: [TLS] WG adoption + early code point assignment: draft-mavrogiannopoulos-chacha-tls

Yoav Nir <ynir.ietf@gmail.com> Tue, 23 June 2015 20:22 UTC

To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/hK1tCjzKyQdkpi7_hCboBG-cMkw>
Cc: IETF TLS Working Group <tls@ietf.org>

> On Jun 23, 2015, at 9:51 PM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> 
> On Wed, May 20, 2015 at 12:51:40AM +0300, Yoav Nir wrote:
> 
>> 2) I question the need for TLS_DHE_ ciphersuites, and I seriously doubt
>> anybody’s going to use those with ChaCha20 “in the wild”.
> 
> Can you expand on that (I found that comment strange)? The possibilities
> that come to mind are:
> 
> a) That was a typo for TLS_RSA_ (which isn't FS)
> b) Actually both TLS_DHE_ and TLS_RSA_, since whatever considers
>   supporting Chacha20 supports ECDHE already (or it just does pure-PSK),
>   and that's superior to both.
> c) Something else.

No, I actually meant DHE. DHE is hardly used. Any cryptographic library new enough to support ChaCha20 will also support ECDHE, which is faster than DHE and does not have the baggage of interoperability with legacy implementations that only support 1024 bits.

I thought that we should just deprecate DHE and not even do the negotiated-ff-dhe draft. The group thought differently, but pairing this legacy key exchange with a new cipher looks strange to me. 

Yoav