Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Brian Smith <brian@briansmith.org> Tue, 14 April 2015 00:50 UTC

In-Reply-To: <CAFewVt6reXUOZ+dg6Hvy72XisJLQkGb-TSgL4YSbfRVxoa8NPQ@mail.gmail.com>
References: <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com> <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com> <CABkgnnXoBmSfoK5Ht5x7jqf3zGB-mDntcVRMVzKgr2wfsixgNg@mail.gmail.com> <m2r3rnzqfi.fsf@localhost.localdomain> <AAC2BF7D-C528-42A0-8BAD-74CA451DAEBE@gmail.com> <m2mw2bzkkk.fsf@localhost.localdomain> <20150414003658.GB17637@mournblade.imrryr.org> <CAFewVt6reXUOZ+dg6Hvy72XisJLQkGb-TSgL4YSbfRVxoa8NPQ@mail.gmail.com>
Date: Mon, 13 Apr 2015 14:50:02 -1000
Message-ID: <CAFewVt4tPdETojcsfd=fEi+GOE_+q8Vj2DWREnt8E-gVfJuSuQ@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/iSp9IraxJaCPU39FI8Qzssj1evk>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Brian Smith <brian@briansmith.org> wrote:
> One example: Firefox intentionally enabled
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 without enabling the TLS_RSA_*
> or TLS_DHE_* variants, partly to encourage people to move away from
> TLS_DHE and especially TLS_RSA key exchange, and partly because of
> security concerns regarding TLS_DHE and TLS_RSA key exchange.

Also, some servers received an update that enabled only the TLS_DHE_*
and TLS_RSA_* variants of those AES-GCM cipher suites, but that update
was broken so that handshakes that used those cipher suites would
fail. So, being able to have TLS_DHE_* and TLS_RSA_* variants of the
AES-GCM cipher suites disabled while the TLS_ECDHE_* cipher suites
stayed enabled has had interoperability benefits. (There is a patch
available that fixes the bug in those servers, but even months later
not all the servers have applied the patch.)

Cheers,
Brian
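A toy model of the interoperability point above, added here as an example and not code from the thread or from Firefox: the server, its preference order and the set of "broken" suites are constructed to mirror the buggy server update described, and the model assumes the usual server-preference selection of TLS 1.2 cipher suites.

```python
import re

# Real IANA suite names decompose as TLS_<kex>[_<auth>]_WITH_<cipher>.
SUITE_RE = re.compile(r"^TLS_(ECDHE|DHE|RSA)(?:_(ECDSA|RSA))?_WITH_(.+)$")

def parse_suite(name):
    """Return (key exchange, authentication, cipher); TLS_RSA_* uses RSA for both."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("unsupported suite name: " + name)
    kex, auth, cipher = m.groups()
    return kex, auth or kex, cipher

def ecdhe_only_gcm(suites):
    """Client policy from the thread: offer AES-GCM only with ECDHE key exchange."""
    return [s for s in suites
            if not ("GCM" in parse_suite(s)[2] and parse_suite(s)[0] != "ECDHE")]

def negotiate(client_offer, server_prefs, server_broken):
    """Server-preference selection; returns (chosen suite, handshake succeeds)."""
    for s in server_prefs:
        if s in client_offer:
            return s, s not in server_broken
    return None, False

# Constructed server: the buggy update added only DHE/RSA AES-GCM and prefers them.
SERVER_PREFS = [
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_BROKEN = set(SERVER_PREFS[:2])  # handshakes with these suites fail

# Constructed client list that enables every AES-GCM variant plus the CBC suites.
CLIENT_ALL = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] + SERVER_PREFS

def compare():
    """Run both client policies against the constructed server."""
    return {"all_gcm": negotiate(CLIENT_ALL, SERVER_PREFS, SERVER_BROKEN),
            "ecdhe_gcm_only": negotiate(ecdhe_only_gcm(CLIENT_ALL), SERVER_PREFS, SERVER_BROKEN)}

if __name__ == "__main__":
    for policy, (suite, ok) in compare().items():
        print(f"{policy}: {suite} -> {'handshake ok' if ok else 'handshake FAILS'}")
```

With every AES-GCM variant offered, the server picks its preferred (broken) DHE suite and the handshake fails; with the ECDHE-only GCM policy the server falls through to a working CBC suite.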