Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 01 June 2015 17:28 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 526751B2F70 for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 10:28:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHz6Brb1gFRg for <tls@ietfa.amsl.com>; Mon, 1 Jun 2015 10:28:49 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id DD33F1B2F6C for <tls@ietf.org>; Mon, 1 Jun 2015 10:28:48 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 10322F984; Mon, 1 Jun 2015 13:28:44 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 052BC1FF76; Mon, 1 Jun 2015 13:28:23 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Aaron Zauner <azet@azet.org>, Eric Rescorla <ekr@rtfm.com>
In-Reply-To: <556C51FC.807@azet.org>
References: <556C4ACD.9040002@azet.org> <CABcZeBNsYmto4F-J0mFoxcq-qfL=NJrvDu67fyY9bpBmRp16mQ@mail.gmail.com> <556C51FC.807@azet.org>
User-Agent: Notmuch/0.20 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Mon, 01 Jun 2015 13:28:22 -0400
Message-ID: <87pp5fe3t5.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ix4HaPW2FjitlbIJnzIphbOVPU4>
Cc: Phillip Rogaway <rogaway@cs.ucdavis.edu>, TLS Mailing List <tls@ietf.org>, Charanjit Jutla <csjutla@us.ibm.com>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 17:28:50 -0000

On Mon 2015-06-01 08:37:16 -0400, Aaron Zauner wrote:
> Firstly, as far as I know it's also quite difficult to get ECDSA
> certificates in the wild. Has this changed significantly over the past
> couple of months?

I've heard this claim in the past, but i'm not sure what it is based on.
AFAICT, there are several public CAs who are happy to issue ECDSA
certificates if you ask them for them.

In November 2014, i managed to get one from Comodo (or a Comodo
reseller, i can't keep all the "imprints" and "branding" straight) and
it took about 20 minutes from start to finish.

Can you describe how you have tried to get an ECDSA cert, and how those
attempts failed?

             --dkg