Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Michael Hamburg <> Mon, 01 June 2015 23:34 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1587B1A1BD7 for <>; Mon, 1 Jun 2015 16:34:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.555
X-Spam-Level: *
X-Spam-Status: No, score=1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VWu0jNJFcqtf for <>; Mon, 1 Jun 2015 16:34:50 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F37CD1A1BD4 for <>; Mon, 1 Jun 2015 16:34:49 -0700 (PDT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 96EEB3A9C3; Mon, 1 Jun 2015 16:33:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=sldo; t=1433201590; bh=zXSvvvrFrdnsU4mONjRoToeuNNT4JwSyQ8NMX+tfHNI=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=kNJ+kIfYiDJjkjwPuBC+GJKCavMmpAH4oQFZJE4lDomXOluh4TG3z5pniPpFIXS0h t+V5QgKIE2tAZYl/aY5CYGl3yS+kk6qbkM7Pn9eWdF94tLuLzh3ObZParhKI0TQach EJgCQcv6I2BKHpkD5x2C2dkIkjrERJ6zlAeeEfbQ=
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2100\))
From: Michael Hamburg <>
In-Reply-To: <>
Date: Mon, 1 Jun 2015 16:34:45 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <>
To: Rob Stradling <>
X-Mailer: Apple Mail (2.2100)
Archived-At: <>
Cc: Phillip Rogaway <>, TLS Mailing List <>, Charanjit Jutla <>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 01 Jun 2015 23:34:51 -0000

Hi Rob,

I guess I’m misremembering my interaction with another CA as Comodo.  Sorry about that.  I don’t have a note of which CAs I tried other than Verisign and StartSSL, so I can’t check for sure.

— Mike

> On Jun 1, 2015, at 1:46 PM, Rob Stradling <> wrote:
> On 01/06/15 19:33, Michael Hamburg wrote:
> <snip>
>> I tried to get one from Comodo about a year ago.  It wasn’t advertised on their website but I asked one of their tech support folks.  They said that it was an experimental feature for business customers only, and would cost me something like $600.  I don’t remember if that was a 1-year or 3-year cert.
> Hi Mike.  It's true that we haven't made a big deal of advertising the fact that we are happy to certify EC public keys and sign using ECDSA these days.
> I'm rather puzzled by your experience with our tech support guys though.  It's never been an "experimental feature for business customers only".  And we don't set different prices for EC certs compared to RSA certs.
> If you place an order directly with Comodo, and provide a CSR containing an EC public key (secp256r1, secp384r1 or secp521r1), then the resulting cert will be signed using ECDSA.  Simple as that.  It should be equally simple if you order via a Comodo reseller, but as DKG said, YMMV.  (I'm guessing that some reseller systems might feel the need to attempt to parse the CSR...and fail because they're not ECC-ready).
>> I looked at Verisign’s catalog as well, and it was labeled as an enterprise feature with an even higher price tag.  Low thousands I think.  I asked the guys at BaySec and they said that this was the shape of the market at that time.
>> I also looked at StartSSL.  They are free, but only offer RSA certs.  I mostly wanted ECDSA for performance on a super slow home server, and I figured $600 in hardware upgrades would go a lot further than $600 in certs.
>> Anyway you can get ECDSA certs relatively easily, but not cheaply; or at least, that’s how it was a year ago.
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online