Re: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)
Rob Stradling <rob.stradling@comodo.com> Mon, 31 March 2014 10:36 UTC
Message-ID: <5339450D.3060306@comodo.com>
Date: Mon, 31 Mar 2014 11:35:57 +0100
From: Rob Stradling <rob.stradling@comodo.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Marsh Ray <maray@microsoft.com>, Martin Thomson <martin.thomson@gmail.com>
References: <CABkgnnX=KM4YVf1+znp_HS+Pu6DSw64q1adDC4EOPqRLuTDZKQ@mail.gmail.com> <31dba3a928d145c6835d4bbcfa603354@BY2PR03MB074.namprd03.prod.outlook.com> <5335785F.2070104@fifthhorseman.net> <368f5b8e9f9b49d1b8b1e2600a1b8a49@BL2PR03MB419.namprd03.prod.outlook.com>
In-Reply-To: <368f5b8e9f9b49d1b8b1e2600a1b8a49@BL2PR03MB419.namprd03.prod.outlook.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/k6TANPZGvXR4mrGPaQPLY5cyjXI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)
On 28/03/14 19:03, Andrei Popov wrote:
>> did SChannel ever support classic DHE with RSA authentication?
>
> "Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update spring 2014" adds a couple of DHE_RSA cipher suites:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Andrei, may we therefore assume that "Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update spring 2014" will also add these 2 ciphers...
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256
?

(Marsh wrote "Historically we have opted to provide ECDHE *in place of* classic DHE". I'm trying to figure out if this is still your approach, or if you're now doing the opposite!)

Thanks.

> Without this update, schannel supports DHE_DSS (admittedly, not the most widely used auth).
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Daniel Kahn Gillmor
> Sent: Friday, March 28, 2014 6:26 AM
> To: Marsh Ray; Martin Thomson
> Cc: tls@ietf.org
> Subject: Re: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)
>
> On 03/27/2014 08:17 PM, Marsh Ray wrote:
>> From: Martin Thomson [mailto:martin.thomson@gmail.com]
>>>
>>> On 27 March 2014 16:55, Marsh Ray <maray@microsoft.com> wrote:
>>>> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Alyssa Rowan
>>>>>
>>>>> Show of hands: who *really* wants to deploy 2048-bit (or above) DHE, when they could have curve25519 instead?
>>>>
>>>> The general consensus at Microsoft is that we like ECDHE much better than the classic DHE.
>>>
>>> I think that this is the general trend, but is it so bad that you would want to prohibit DHE?
>>
>> Historically we have opted to provide ECDHE *in place of* classic DHE.
>
> did SChannel ever support classic DHE with RSA authentication?
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa380512%28v=vs.85%29.aspx
>
> suggests that XP and win2003 (which, afaict, were what immediately preceded vista) does not have DHE. So it looks like ECDHE was just added, but "classic DHE" wasn't in SChannel in the first place, which doesn't sound like ECDHE is "in place of" DHE to me.
>
> or am i misreading the documentation?
>
> --dkg
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
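An added example, not part of Rob's message and not Schannel code: a small Python audit that splits IANA cipher-suite names like the ones quoted above into their key-exchange and authentication parts and separates the forward-secret (DHE/ECDHE) suites from RSA key-transport ones. SAMPLE_OFFER is a constructed list, not any real client or server configuration.

```python
# Added example for this thread (not Schannel code): classify IANA TLS
# cipher-suite names by key exchange and flag suites without forward secrecy.
from dataclasses import dataclass

# Ephemeral DH, finite-field or elliptic-curve, gives forward secrecy;
# RSA key transport and static DH do not.
FORWARD_SECRET_KX = {"DHE", "ECDHE"}

@dataclass(frozen=True)
class Suite:
    name: str
    kx: str      # key exchange: RSA, DHE, ECDHE, DH, PSK, ...
    auth: str    # authentication: RSA, ECDSA, DSS, anon, ...
    cipher: str  # bulk cipher, e.g. AES_128_GCM
    prf: str     # hash / PRF, e.g. SHA256

    @property
    def forward_secret(self) -> bool:
        return self.kx in FORWARD_SECRET_KX

def parse_suite(name: str) -> Suite:
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>_<prf> into its parts."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not an IANA TLS suite name: {name}")
    kx_part, rest = name[4:].split("_WITH_", 1)
    parts = kx_part.split("_")
    if len(parts) == 1:    # TLS_RSA_WITH_...: key transport doubles as auth
        kx = auth = parts[0]
    elif len(parts) == 2:  # TLS_ECDHE_RSA_WITH_..., TLS_DH_anon_WITH_...
        kx, auth = parts
    else:
        raise ValueError(f"unrecognised key-exchange field in {name}")
    cipher, _, prf = rest.rpartition("_")
    return Suite(name, kx, auth, cipher, prf)

def audit(names):
    """Return (forward_secret, legacy) suite names in the order offered."""
    forward_secret, legacy = [], []
    for n in names:
        (forward_secret if parse_suite(n).forward_secret else legacy).append(n)
    return forward_secret, legacy

# Constructed sample: the thread's two DHE_RSA suites, one ECDHE_RSA suite,
# and one RSA key-transport suite (no forward secrecy).
SAMPLE_OFFER = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
```

Running `audit(SAMPLE_OFFER)` returns the three ephemeral suites in the first list and the RSA key-transport suite in the second.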