Re: [TLS] Deprecating more (DSA?) (was Re: Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac))

Hanno Böck <hanno@hboeck.de> Tue, 15 April 2014 14:03 UTC

Date: Tue, 15 Apr 2014 16:03:27 +0200
From: Hanno Böck <hanno@hboeck.de>
To: Yoav Nir <ynir.ietf@gmail.com>
Message-ID: <20140415160327.7dd88945@hboeck.de>
In-Reply-To: <500CA3F0-86D2-4C60-8762-4481C1400479@gmail.com>
References: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com> <20140415153435.7f82b3a0@hboeck.de> <500CA3F0-86D2-4C60-8762-4481C1400479@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/sFO1UCKaFjRkumoVaLBpDnMVYC8
Cc: tls@ietf.org
Subject: Re: [TLS] Deprecating more (DSA?) (was Re: Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac))

On Tue, 15 Apr 2014 16:55:51 +0300
Yoav Nir <ynir.ietf@gmail.com> wrote:

> I’m not against deprecating DSA, but there is actually nothing wrong
> with DSA. Use it with 2048-bit keys and you should be fine modulo
> implementation bugs.
> 
> If you have a bad PRNG, you need to fix the PRNG, because it will
> bite you some other way.

My opinion on that is that we should have multiple lines of defense.
Sure, if the RNG is bad we should fix it. But we all know good RNGs are
a nontrivial problem. So while fixing RNGs is a priority, we also should
have algorithms that don't completely break so badly that they spit out
the public key if the RNG fails.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42
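An added example, not from this thread or from either author, illustrating the failure mode under discussion and one extra line of defense. It is a toy DSA in Python with constructed, deliberately tiny parameters: the same key signs a few messages once with a stuck RNG (every nonce identical) and once with a per-message deterministic nonce following the HMAC construction of RFC 6979, and a defender-side check flags repeated r values under one key. RFC 6979 is not mentioned in the thread; treating it as the relevant mitigation is my assumption, and all parameters, keys and messages below are constructed here.

```python
"""Toy DSA showing why the nonce must not depend on a possibly-broken RNG.

Added example, not from the TLS list thread. Parameters are tiny and
constructed only so the example runs offline; never reuse them for real.
"""
import hashlib
import hmac
import random

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for the toy sizes used here."""
    if n < 2:
        return False
    for sp in _BASES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(seed: int = 1, qbits: int = 64, pbits: int = 128):
    """Deterministic search for constructed (p, q, g) with q | p-1, g of order q."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
        if not _is_probable_prime(q):
            continue
        for _ in range(4096):
            cofactor = rng.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))
            p = cofactor * q + 1
            if _is_probable_prime(p):
                h = 2
                while (g := pow(h, (p - 1) // q, p)) == 1:
                    h += 1
                return p, q, g


def _bits2int(b: bytes, qlen: int) -> int:
    """Leftmost qlen bits of b as an integer (DSA / RFC 6979 hash truncation)."""
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - qlen
    return v >> excess if excess > 0 else v


def hash_to_int(msg: bytes, q: int) -> int:
    return _bits2int(hashlib.sha256(msg).digest(), q.bit_length())


def deterministic_nonce(x: int, msg: bytes, q: int) -> int:
    """Nonce derived from (x, H(m)) via HMAC-SHA256 as in RFC 6979: no RNG is
    consulted, so the same key and message always yield the same k."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    h1 = hashlib.sha256(msg).digest()
    x_oct = x.to_bytes(rlen, "big")
    h_oct = (_bits2int(h1, qlen) % q).to_bytes(rlen, "big")
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    V, K = b"\x01" * 32, b"\x00" * 32
    K = mac(K, V + b"\x00" + x_oct + h_oct)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + x_oct + h_oct)
    V = mac(K, V)
    while True:
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")   # candidate out of range: retry per the RFC
        V = mac(K, V)


def sign(params, x: int, msg: bytes, k: int):
    p, q, g = params
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hash_to_int(msg, q) + x * r) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce; choose another k")
    return r, s


def verify(params, y: int, msg: bytes, sig) -> bool:
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_to_int(msg, q) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def repeated_r(signatures) -> list:
    """Defender check: r depends only on k, so one r under one key across
    different messages means the nonce repeated (e.g. a stuck RNG)."""
    seen, dupes = {}, []
    for msg, (r, _s) in signatures:
        if r in seen and seen[r] != msg:
            dupes.append((seen[r], msg))
        seen.setdefault(r, msg)
    return dupes


def demo(seed: int = 1) -> dict:
    params = gen_params(seed)
    p, q, g = params
    x = random.Random(seed + 1).randrange(1, q)   # constructed toy private key
    y = pow(g, x, p)
    msgs = [b"ClientHello", b"ServerHello", b"Finished"]   # constructed inputs
    stuck_k = 0x2A   # a "random" nonce from a broken RNG: always the same
    bad = [(m, sign(params, x, m, stuck_k)) for m in msgs]
    good = [(m, sign(params, x, m, deterministic_nonce(x, m, q))) for m in msgs]
    return {
        "bad_all_verify": all(verify(params, y, m, s) for m, s in bad),
        "bad_repeats": len(repeated_r(bad)),       # flagged, although all verify
        "good_all_verify": all(verify(params, y, m, s) for m, s in good),
        "good_repeats": len(repeated_r(good)),
        "good_distinct_r": len({s[0] for _, s in good}),
    }


if __name__ == "__main__":
    print(demo())
```

Both signature sets verify, which is the point: a verifier cannot tell that the stuck-RNG signatures share a nonce, so the repeated-r scan is the only signal a monitoring side gets. Deterministic nonces remove the signing step's dependence on the RNG entirely; they do nothing for key generation, which still needs the RNG fixed, as the quoted reply says.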