IETF Logo Mail Archive

Re: [TLS] (crypto agility may benefit from private extensions) Re: Additional changes for draft-ietf-tls-iana-registry-updates

Rene Struik <rstruik.ext@gmail.com> Tue, 20 March 2018 17:06 UTC

Return-Path: <rstruik.ext@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D96E1270AC for <tls@ietfa.amsl.com>; Tue, 20 Mar 2018 10:06:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNi3jEo2Jlhs for <tls@ietfa.amsl.com>; Tue, 20 Mar 2018 10:06:48 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A104126DCA for <tls@ietf.org>; Tue, 20 Mar 2018 10:06:48 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id h21so4852930wmd.1 for <tls@ietf.org>; Tue, 20 Mar 2018 10:06:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=gYec1TfDDG0L41FU5hKoCXEN8cHqa5vz7Vf48xhvXKo=; b=g/WtuFN4wqNbA6DRYV/LddUrqVknfKDmhKboDCgHC+xjWLlLvt09Cmjbagnuk5BhUn wOeLHj93JpFjGogXvBrxU1lvJrv3pW9VwWNEglLkKMKH1+BkgVkNaYrgZlwGMVVRGd0N R3PeRRMb+/XAnsrvIcyRU9Dccj1k1BfHumDIoB8BAQXe09MeOPhL5RugetB6IFF1Fo/d Nx6jm+BqcDPEwzztnYt/RSzPaRQw91bAU4wDQtexMEH9i6p1h/5udVq6L04zeh0poRcG GvQwGJfySIaHjjNTgBNwEzDmIQ0CK9CXvh34Gexf8S21z1CoJetrE3ex45vi5abo1LKr KNFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=gYec1TfDDG0L41FU5hKoCXEN8cHqa5vz7Vf48xhvXKo=; b=VDMSXWaVo4gBXq6DZKTx+7AOBn+J3vYmYWfjLlZ0lAMIEXMsm9bQKqJGA6xdVoLpxt 8s3DlMpHWfW6arOzHYx6s7Fom5SVNEb5nnxiCLJbgWdQuORLNgibgunfIM/WOKecOItA ZUODFm/K6aS3mxGaVqeySZx0jXerL/7qVrfPnOkQsmcz4Bh6F051ym52RpgedP47CGTQ tzDTd7D7/8lTz/5Gfihvu1tsgFtYAcKyutPBFSQxgaAMiYbTYaPS3rfsppa39hGul5KT c9Mq4TqagpMr4TnWmSUPmKXkF4zE6oKHpjXlGwVNT9Lgrd3bSV68D2BCkqrJ7SCq7B7H WMSQ==
X-Gm-Message-State: AElRT7H/o5I9s9JLEmB9gUbMcjciIQUlE/CZKe7iVEx1xYLOa3sdQMOl RxWUudLUumEQhfeOOdVToZi9nA==
X-Google-Smtp-Source: AG47ELtDNHkvIr8Soh7tjT2/ryvX5BM+BDWopvZuUwmkjRY0EtFpUeioSlfAw/JdEIMzkJ5zpFnsyA==
X-Received: by 10.80.147.165 with SMTP id o34mr18334650eda.14.1521565606499; Tue, 20 Mar 2018 10:06:46 -0700 (PDT)
Received: from [10.62.162.185] (nat184.lu.usi.ch. [195.176.178.184]) by smtp.gmail.com with ESMTPSA id v9sm2130270edi.16.2018.03.20.10.06.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Mar 2018 10:06:45 -0700 (PDT)
To: Eric Rescorla <ekr@rtfm.com>
Cc: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <505FCF83-C92E-4A90-83BF-4B2C4796EBE6@sn3rd.com> <dc28999a-b476-474f-a12b-d5170df76dec@gmail.com> <CABcZeBOW9rJUqcx9NBnE9iy_xp14K_i=CN2LVrGe1cUwNCkv4Q@mail.gmail.com>
From: Rene Struik <rstruik.ext@gmail.com>
Message-ID: <11a2dfc4-71b8-ec2d-f0cb-9b11615f7114@gmail.com>
Date: Tue, 20 Mar 2018 13:06:43 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOW9rJUqcx9NBnE9iy_xp14K_i=CN2LVrGe1cUwNCkv4Q@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------776D60F7B3DB9159F7FE2649"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/o40z9JQKN60R91XOaixmUtl6LuA>
Subject: Re: [TLS] (crypto agility may benefit from private extensions) Re: Additional changes for draft-ietf-tls-iana-registry-updates
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 17:06:51 -0000

Hi Eric:

I may have an incorrect impression about the code points, but, let us
say, one finds out an attack on one of the TLS1.3 algorithms and wishes
to swap the algorithm set for a new one (that is clearly specified, say,
"RS-Alg-X"). How does one do this if one marks 224-255 as deprecated.
How does one signal private use of "RS-Alg-X" now. If you could tell me,
please let me know, so that I feel more at ease with this. {This should
not be something where reliability is impossible to achieve).

Thanks!

Rene

> One further point brought out in discussions with Adam was that if
we’re really closing the HashAlgorithm and SignatureAlgorithms registry
we need to also mark 224-255 as deprecated.  Currently these are marked
as Reserved for Private Use.  So the question is should we mark 224-255
as deprecated in these two registries?

On 3/20/2018 10:54 AM, Eric Rescorla wrote:
>
>
> On Tue, Mar 20, 2018 at 2:51 PM, Rene Struik <rstruik.ext@gmail.com
> <mailto:rstruik.ext@gmail.com>> wrote:
>
>     Hi Sean:
>
>     Quick question: does "closing the registry" not contradict
>     catering towards crypto agility? What happens if, say, one wishes
>     to add another signature scheme, besides Ed25519, to the mix. If
>     there is no private field, does this mean that, e.g., Schnorr+BSI
>     Brainpool256r1 is now ruled out?
>
>
> No. Private just means "we're not going to allocate these code points,
> so you should use them without coordination".
>
> The key point here is that this is a big space and so we're instead
> going to make it easy for people to reserve code points by writing a
> stable spec, that need not be an IETF standard, and that's what they
> should do.
>
>
> -Ekr
>  
>
>
>     My more serious concern is, however, that if the Private Use case
>     is "verboten", there is no chance for people to signal private
>     extensions (since IETF will just have killed this off).
>
>     I do not think it is prudent to have a slow process in place (IETF
>     standardization) to effectuate crypto agility, if private use can
>     already do this without waiting for 3-year public discussions and
>     heated debate (if a weakness is discovered, dark forces will
>     exploit this right away and won't wait for IETF to catch up to
>     exploit an issue).
>
>     As case in point, suppose US Gov't wants to roll its own "Suite A"
>     scheme, or if one wants to use TLS with something tailored towards
>     the sensor world (which operates in quite a hostile environment
>     for implementation security), how is one going to do this in
>     context of TLS if the signaling required has just been removed?
>
>     NOTE: this is not an invite for endless discussions on the
>     legitimacy of whoever may wish a private extensions (it is private
>     after all), it does question though the wisdom of removing the
>     option for using this. If Zulu hour arrives, one should have tools
>     to act...
>
>     Best regards, Rene
>
>     On 3/16/2018 10:01 AM, Sean Turner wrote:
>     > During Adam Roach’s AD review of draft-ietf-tls-tls13, he noted
>     something about the HashAlgorithm and that made me go look at what
>     was said in draft-ietf-tls-iana-registry-updates.  Turns out that
>     4492bis assigned some values draft-ietf-tls-iana-registry-updates
>     was marking as reserved.  I have fixed that up in:
>     >
>     https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/65
>     <https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/65>
>     >
>     > One further point brought out in discussions with Adam was that
>     if we’re really closing the HashAlgorithm and SignatureAlgorithms
>     registry we need to also mark 224-255 as deprecated.  Currently
>     these are marked as Reserved for Private Use.  So the question is
>     should we mark 224-255 as deprecated in these two registries?
>     >
>     > spt
>     > _______________________________________________
>     > TLS mailing list
>     > TLS@ietf.org <mailto:TLS@ietf.org>
>     > https://www.ietf.org/mailman/listinfo/tls
>     <https://www.ietf.org/mailman/listinfo/tls>
>
>
>     --
>     email: rstruik.ext@gmail.com <mailto:rstruik.ext@gmail.com> |
>     Skype: rstruik
>     cell: +1 (647) 867-5658 <tel:%2B1%20%28647%29%20867-5658> | US: +1
>     (415) 690-7363 <tel:%2B1%20%28415%29%20690-7363>
>
>     _______________________________________________
>     TLS mailing list
>     TLS@ietf.org <mailto:TLS@ietf.org>
>     https://www.ietf.org/mailman/listinfo/tls
>     <https://www.ietf.org/mailman/listinfo/tls>
>
>

-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363

v2.23.0 | Report a Bug | By Email