Re: [TLS] Ala Carte Cipher suites - was: DSA should die
Tony Arcieri <bascule@gmail.com> Sat, 04 April 2015 00:18 UTC
Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id B0DB91A87CC
for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 17:18:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id HZawHKcuPfwa for <tls@ietfa.amsl.com>;
Fri, 3 Apr 2015 17:18:55 -0700 (PDT)
Received: from mail-ob0-x22d.google.com (mail-ob0-x22d.google.com
[IPv6:2607:f8b0:4003:c01::22d])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 8F9271A87C2
for <tls@ietf.org>; Fri, 3 Apr 2015 17:18:55 -0700 (PDT)
Received: by obvd1 with SMTP id d1so188791626obv.0
for <tls@ietf.org>; Fri, 03 Apr 2015 17:18:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc:content-type;
bh=41MxmRbD/j7N0oraviT+UcWDhNYS+vX5U4/3yJd+izk=;
b=HQS0Z0ExT/S23Or0klyOv0cUjYCXyb29wq149ZURp0NS8yD+6qHU+YDd13e8zg/YzY
M4jnsBXWu7pgo5ziFuKGhX97VoMURmsfxoG7jKT6LGjiwN9Gc/R3uTcdOmDYnwNKgpn0
7Nh1r0+7pGaPpm213MnYBavJIcj48IyEM1MZfeu7x9PFwDKQ9CedmbwV1UU1nb8S7QcK
1GEiKUHO1PpzpVHLQK74Qfv3sCtAX5ifZQtK7ey7+gFlDP8uP7GfgiDjfqqB2KaBeZGd
HPIzGK7cCi5bMzO6zc/XB3N9zxtoGJvrZUrmU9cjeDSJepHkr1noeaL5NkISfdWZtwmb
U/Ag==
X-Received: by 10.60.179.227 with SMTP id dj3mr5580815oec.29.1428106735103;
Fri, 03 Apr 2015 17:18:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.166.232 with HTTP; Fri, 3 Apr 2015 17:18:34 -0700 (PDT)
In-Reply-To: <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com>
References: <20150401201221.163745c2@pc1.fritz.box>
<CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com>
<CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com>
<201504021257.09955.davemgarrett@gmail.com>
<CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com>
<551DE914.4010804@nthpermutation.com>
<CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 3 Apr 2015 17:18:34 -0700
Message-ID: <CAHOTMVLohRLPw=WwmEhqVrE91+F_nuM9Z9w0=NtzypN1J0xKoA@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: multipart/alternative; boundary=047d7bd6b21aa5b7c10512db0286
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/rmldUMW3d9s10NEUDD_9JnPw5G0>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 00:18:57 -0000
On Fri, Apr 3, 2015 at 5:05 PM, Brian Smith <brian@briansmith.org> wrote: > Please don't change the syntax for negotiating cipher suites. Although > it seems like a good idea Personally I think it's a great idea, and a pretty simple one and also an incredibly needed one. In fact, this post and its ensuing discussion actually made me excited about TLS 1.3: https://mailarchive.ietf.org/arch/msg/tls/JZoIXZMRg80-tDC23kt5BL0nQaQ If you read through the suggestions, I think a new syntax could actually be backwards compatible in terms of computing the possibility matrix / combinatorial explosion of all authentication and (symmetric) encryption ciphers/ciphersuites. I think this sort of approach sorts out a lot of collusion and confusion (not in the Claude Shannon sense) which has been lingering in TLS for years.
- [TLS] DSA should die Hanno Böck
- Re: [TLS] DSA should die Aaron Zauner
- Re: [TLS] DSA should die David Benjamin
- Re: [TLS] DSA should die Stephen Checkoway
- Re: [TLS] DSA should die Tony Arcieri
- Re: [TLS] DSA should die Yoav Nir
- Re: [TLS] DSA should die Bill Frantz
- Re: [TLS] DSA should die Tom Ritter
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Stephen Farrell
- Re: [TLS] DSA should die Viktor Dukhovni
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Martin Rex
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Watson Ladd
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die CodesInChaos
- Re: [TLS] DSA should die Martin Thomson
- Re: [TLS] DSA should die Nico Williams
- Re: [TLS] DSA should die Dave Garrett
- Re: [TLS] DSA should die Ilari Liusvaara
- Re: [TLS] DSA should die Joseph Salowey
- Re: [TLS] DSA should die Kurt Roeckx
- Re: [TLS] DSA should die Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Michael StJohns
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Martin Thomson
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Tony Arcieri
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Sniffen
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Aaron Zauner
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Andrei Popov
- Re: [TLS] Negotiate only symmetric cipher via cip… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Negotiate only symmetric cipher via cip… Viktor Dukhovni
- Re: [TLS] Negotiate only symmetric cipher via cip… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Negotiate only symmetric cipher via cip… Dmitry Belyavsky
- Re: [TLS] Negotiate only symmetric cipher via cip… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Geoffrey Keating
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Brian Smith
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Daniel Kahn Gillmor
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Salz, Rich
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Viktor Dukhovni
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Dave Garrett
- Re: [TLS] Negotiate only symmetric cipher via cip… Ilari Liusvaara
- Re: [TLS] Ala Carte Cipher suites - was: DSA shou… Yoav Nir