Re: [TLS] New cipher suites for SRP

Dave Garrett <davemgarrett@gmail.com> Sat, 27 June 2015 01:02 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AE291B2D85 for <tls@ietfa.amsl.com>; Fri, 26 Jun 2015 18:02:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJO8dR6apFZU for <tls@ietfa.amsl.com>; Fri, 26 Jun 2015 18:01:59 -0700 (PDT)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 268721B2D83 for <tls@ietf.org>; Fri, 26 Jun 2015 18:01:59 -0700 (PDT)
Received: by ykdy1 with SMTP id y1so73093457ykd.2 for <tls@ietf.org>; Fri, 26 Jun 2015 18:01:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; bh=rJOGOfmEg7fwkVVF7f9GEstq19eeDwNfJzOUyHYnj8A=; b=ESDeHc6MaiQvo05x2Mx8683SjEqvKhKPQG040Ual8VfRmfZyZV5Pvjry8Sk8kLdZPE 3TSiqsfo2pxvfswMOLzRz254jV49Z5t72dvZeWMhDoi+OVQlZrpSGppw/DLkYsH+Q8Q9 F7Y+Ad8+pz3gW3To9m86efss8rLksgSHrbs+5SWwhYr6+RscHKndrdPkiSMVlPqu++6w 9ouONKN6IvvddMF/POjxZlHQFncRmzEN+C+NloRBY4y0T4267qNOURwd3H9J/l/+h8xW Ggsk8k8SyM2mCSrKJ7S2PYo5GgVv6b4av9KxuXRjRpO5uo59sY9CqtnYvqJLxKeQe6Bz Swaw==
X-Received: by 10.13.222.5 with SMTP id h5mr5462508ywe.124.1435366918571; Fri, 26 Jun 2015 18:01:58 -0700 (PDT)
Received: from dave-laptop.localnet (pool-96-245-254-195.phlapa.fios.verizon.net. [96.245.254.195]) by mx.google.com with ESMTPSA id m8sm27812528ywd.30.2015.06.26.18.01.58 (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 26 Jun 2015 18:01:58 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org, "Attila Molnar" <attilamolnar@hush.com>
Date: Fri, 26 Jun 2015 21:01:56 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <20150626234801.ED7DDE04DA@smtp.hushmail.com>
In-Reply-To: <20150626234801.ED7DDE04DA@smtp.hushmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201506262101.57121.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qbEyxE6RVk2bE9r2Fq_EQxjpyws>
Subject: Re: [TLS] New cipher suites for SRP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jun 2015 01:02:00 -0000

On Friday, June 26, 2015 07:48:01 pm Attila Molnar wrote:
> Currently SRP cannot be used with newer crypto primitives such as ciphers in
> AEAD mode or SHA-2 due to the lack of cipher suites enabling these.
> There's only 3DES and AES-CBC with SHA-1.
> 
> Would there be support for expanding the SRP cipher suites?

I don't think it's a good idea to add new SRP cipher suites.

Instead, I think redefining SRP as an extension to PSK would make more sense. Use (EC)DHE_PSK cipher suites with an updated SRP extension to get similar capabilities. This would make updating SRP to use newer crypto much easier, as modern PSK cipher suites are easier to get standardized. The current SRP spec actually already appears to rely on PSK identity alert codes.


Dave