Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 23 November 2016 16:01 UTC

To: Ilari Liusvaara <ilariliusvaara@welho.com>, Yoav Nir <ynir.ietf@gmail.com>
References: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com> <7462904085cc4a94914298af81157031@usma1ex-dag1mb1.msg.corp.akamai.com> <7de8f9da-8ab1-cfc2-00ad-9c91c7694174@gmail.com> <8394bafcd99344838d878b5e8cf5b524@usma1ex-dag1mb1.msg.corp.akamai.com> <8262a7bf-6c19-0a23-9d0b-8f59344444aa@gmail.com> <D45B2AE4.55950%john.mattsson@ericsson.com> <91F6F914-17FB-4543-B916-F1829267B168@gmail.com> <20161123155047.GA30446@LK-Perkele-V2.elisa-laajakaista.fi>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <c8d3e054-af3c-8741-8684-0c16ea1fb48c@gmail.com>
Date: Wed, 23 Nov 2016 18:01:44 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <20161123155047.GA30446@LK-Perkele-V2.elisa-laajakaista.fi>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/skraqxhVIc8US_-QcnCAoNBe2bQ>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

>>
>> I’m not even sure what my position is on this. Specifying the use of a
>> context here goes against the recommendation in the CFRG draft:
>>
>>       Contexts SHOULD NOT be used opportunistically, as that kind of use
>>       is very error-prone.  If contexts are used, one SHOULD require all
>>       signature schemes available for use in that purpose support
>>       contexts.
>>
>> If someone knows why this recommendation was made, that would be great.
>
> Basically, then those other methods would be a weak point for attack.
>

But we are trying to migrate away from the old methods, into the new 
methods. The fewer servers use the old methods, the better off we are, 
right? So we expect the attack surface to gradually be reduced over the 
coming years.

>
>
> Then there's the serious deployment problems with contexts, as those
> don't fit into any standard notion of signature various libraries have.
>

These are new algorithms that are still not widely deployed. The fact 
that several open source libraries (still) don't support a certain 
function parameter is not a very strong reason not to require it.

Thanks,
	Yaron