Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 05 May 2014 07:28 UTC
Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF2D21A027E for <tls@ietfa.amsl.com>; Mon, 5 May 2014 00:28:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.553
X-Spam-Level:
X-Spam-Status: No, score=-7.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Zy0s3jsoD7R for <tls@ietfa.amsl.com>; Mon, 5 May 2014 00:28:34 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC581A0019 for <tls@ietf.org>; Mon, 5 May 2014 00:28:34 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s457SQpg028759 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 5 May 2014 03:28:26 -0400
Received: from [10.34.2.127] (dhcp-2-127.brq.redhat.com [10.34.2.127]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s457SNhu006039 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 5 May 2014 03:28:25 -0400
Message-ID: <1399274903.2312.6.camel@dhcp-2-127.brq.redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 05 May 2014 09:28:23 +0200
In-Reply-To: <CABcZeBOb-ym7+TrRmfasuyJJ6BVNbQB96jqqBOGZr+YPG-NBWA@mail.gmail.com>
References: <AD51D38F-2CFE-4277-854D-C0E56292A336@cisco.com> <277ABA2E-FA8C-4927-9522-06E8907C28EB@cisco.com> <CABcZeBOb-ym7+TrRmfasuyJJ6BVNbQB96jqqBOGZr+YPG-NBWA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/hw56ad8QncJZ0TToC7sb3wx2xZ8
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 07:28:35 -0000
On Sat, 2014-05-03 at 16:31 -0700, Eric Rescorla wrote: > The following pull request is intended to execute this change: > > https://github.com/tlswg/tls13-spec/pull/37 > I'll merge it in on Tuesday. Please let me know before then if > this seems substantially wrong. As usual, minor editorial issues > can be done by pull requests. Shouldn't such a change depend on a fix to the compatibility issues present in the DHE ciphersuites? Otherwise it just makes ECDHE the only key exchange in TLS that can be made compatible with random peers. Elliptic curves are good, but it would be nice to have non-ECC key exchanges as well. regards, Nikos
- [TLS] Confirming Consensus on removing RSA key Tr… Joseph Salowey (jsalowey)
- [TLS] On axing DHE (was: Re: Confirming Consensus… Rene Struik
- Re: [TLS] Confirming Consensus on removing RSA ke… Trevor Perrin
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Santosh Chokhani
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Hanno Böck
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Jack Lloyd
- Re: [TLS] Confirming Consensus on removing RSA ke… Alyssa Rowan
- Re: [TLS] Confirming Consensus on removing RSA ke… Paul Bakker
- Re: [TLS] Confirming Consensus on removing RSA ke… Alyssa Rowan
- Re: [TLS] Confirming Consensus on removing RSA ke… Hanno Böck
- Re: [TLS] Confirming Consensus on removing RSA ke… Johannes Merkle
- Re: [TLS] Confirming Consensus on removing RSA ke… Paul Bakker
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Salz, Rich
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Salz, Rich
- Re: [TLS] Confirming Consensus on removing RSA ke… Andy Lutomirski
- Re: [TLS] Confirming Consensus on removing RSA ke… Marsh Ray
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- [TLS] Negotiated Discrete Log DHE revision [was: … Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Michael D'Errico
- Re: [TLS] Negotiated Discrete Log DHE revision Michael D'Errico
- Re: [TLS] Negotiated Discrete Log DHE revision Henrick Hellström
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision Samuel Neves
- Re: [TLS] Negotiated Discrete Log DHE revision Watson Ladd
- Re: [TLS] Negotiated Discrete Log DHE revision Samuel Neves
- Re: [TLS] Negotiated Discrete Log DHE revision Liz meeks
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Fedor Brunner
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Fedor Brunner
- Re: [TLS] Confirming Consensus on removing RSA ke… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Kurt Roeckx
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Kurt Roeckx
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Viktor Dukhovni
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos