Re: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)

Marsh Ray <maray@microsoft.com> Fri, 28 March 2014 00:17 UTC

From: Marsh Ray <maray@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 28 Mar 2014 00:17:27 +0000
Message-ID: <31dba3a928d145c6835d4bbcfa603354@BY2PR03MB074.namprd03.prod.outlook.com>
References: <CABkgnnX=KM4YVf1+znp_HS+Pu6DSw64q1adDC4EOPqRLuTDZKQ@mail.gmail.com>
In-Reply-To: <CABkgnnX=KM4YVf1+znp_HS+Pu6DSw64q1adDC4EOPqRLuTDZKQ@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lniVplc2rf8kduO3R5SJsM1XpWg
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Nuking DHE in favour of ECDHE (Was: Re: Confirming Consensus on removing RSA key Transport from TLS 1.3)

From: Martin Thomson [mailto:martin.thomson@gmail.com] 
>
> On 27 March 2014 16:55, Marsh Ray <maray@microsoft.com> wrote:
> > From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Alyssa Rowan
> >>
> >> Show of hands: who *really* wants to deploy 2048-bit (or above) DHE, when they could have curve25519 instead?
> >
> > The general consensus at Microsoft is that we like ECDHE much better than the classic DHE.
>
> I think that this is the general trend, but is it so bad that you would want to prohibit DHE?

Historically we have opted to provide ECDHE *in place of* classic DHE.

- Marsh

http://msdn.microsoft.com/en-us/library/windows/desktop/ff468651(v=vs.85).aspx
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Schannel Cipher Suites in Windows Vista

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5

The following cipher suites are supported by Schannel; however, they are not present by default. They must be added as necessary. For information about how to add cipher suites to the Schannel provider, see Prioritizing Schannel Cipher Suites.
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_CK_RC4_128_EXPORT40_MD5
SSL_CK_DES_64_CBC_WITH_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
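As an added example, not part of the message or of Microsoft's documentation: a small Python audit that parses Schannel-style suite names like the ones quoted above and classifies each by key exchange, so a defender can see which suites lack forward secrecy (RSA key transport, SSLv2) and which still use classic DHE rather than ECDHE. The embedded lists are a constructed subset of the two lists in the message.

```python
import re
from collections import Counter

# Constructed subset of the Schannel (Windows Vista) lists quoted in the message above.
VISTA_DEFAULT = """TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_MD5""".split()
VISTA_OPTIONAL = """TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSL_CK_RC4_128_EXPORT40_MD5
TLS_RSA_WITH_NULL_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA""".split()

def parse_suite(name):
    """Split a suite name into key exchange, auth, cipher, MAC and Schannel _Pnnn curve size."""
    if name.startswith("SSL_CK_"):                   # SSLv2-era name, has no _WITH_
        return {"kx": "SSL2", "auth": "SSL2", "cipher": name[7:],
                "mac": None, "curve": None, "export": "EXPORT" in name}
    left, right = name.split("_WITH_", 1)
    toks = left.split("_")[1:]                       # drop the TLS_ prefix
    export = any(t.startswith("EXPORT") for t in toks)
    toks = [t for t in toks if not t.startswith("EXPORT")]
    kx, auth = toks[0], (toks[1] if len(toks) > 1 else toks[0])  # TLS_RSA_*: RSA does both
    parts = right.split("_")
    curve = None
    if re.fullmatch(r"P\d+", parts[-1]):             # e.g. ..._SHA_P256
        curve, parts = int(parts[-1][1:]), parts[:-1]
    return {"kx": kx, "auth": auth, "cipher": "_".join(parts[:-1]),
            "mac": parts[-1], "curve": curve, "export": export}

def audit(name):
    """Findings for one suite: forward-secrecy status first, then obviously legacy primitives."""
    s = parse_suite(name)
    findings = []
    if s["kx"] not in ("ECDHE", "DHE"):
        findings.append("no forward secrecy")        # RSA key transport or SSLv2
    elif s["kx"] == "DHE":
        findings.append("classic DHE")               # the thread's ECDHE-vs-DHE question
    if s["export"]:
        findings.append("export-grade")
    if s["cipher"] == "NULL":
        findings.append("no encryption")
    elif s["cipher"].split("_")[0] in ("RC4", "DES", "3DES"):
        findings.append("legacy cipher")
    if s["mac"] == "MD5":
        findings.append("MD5 MAC")
    return findings

def key_exchange_counts(suites):
    """Count suites per key-exchange family, e.g. how many are DHE versus ECDHE."""
    return dict(Counter(parse_suite(n)["kx"] for n in suites))
```

Run `key_exchange_counts(VISTA_DEFAULT)` and `audit()` over both lists to see how much of the default set is RSA key transport and how few suites are classic DHE.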