Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Martin Thomson <martin.thomson@gmail.com> Sat, 04 April 2015 00:40 UTC

In-Reply-To: <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com>
Date: Fri, 03 Apr 2015 17:40:02 -0700
Message-ID: <CABkgnnXoBmSfoK5Ht5x7jqf3zGB-mDntcVRMVzKgr2wfsixgNg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Brian Smith <brian@briansmith.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/t3Ei3aH0m6CVPMEv5YBFcwFXih0>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die

On 3 April 2015 at 17:05, Brian Smith <brian@briansmith.org> wrote:
> I don't think the current mechanism is problematic
> enough (at all, really) to justify that effort.

I think that I've the same view.

Then you have to consider interaction problems where some
implementations have hardware for certain things, and software for
others.  Not only does that produce strong preferences for some things
over others, it also can lead to holes in support tables, making a la
carte selection tricky.

That was always the clincher for me.
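To make the "holes in support tables" point concrete, here is an added example (not from this thread or any TLS implementation) with a constructed server support matrix: picking each dimension's favourite independently lands on a combination the server cannot run, while a search over whole combinations finds one that works. All algorithm names and the support table are illustrative assumptions.

```python
from itertools import product

# Constructed server support table: each entry is a (key_exchange, signature, cipher)
# combination the server can actually run. The holes are deliberate, modelling a
# server whose AES-GCM sits in hardware reachable only on the ECDHE path and whose
# ChaCha20 lives in software on the DHE path. Illustrative, not a real implementation.
SERVER_SUPPORT = {
    ("ECDHE", "ECDSA", "AES128-GCM"),
    ("ECDHE", "RSA", "AES128-GCM"),
    ("DHE", "RSA", "CHACHA20-POLY1305"),
}

# Constructed client preferences, a la carte: one ordered list per dimension.
CLIENT_PREFS = {
    "kex": ["DHE", "ECDHE"],
    "sig": ["ECDSA", "RSA"],
    "cipher": ["AES128-GCM", "CHACHA20-POLY1305"],
}


def choose_independently(prefs, support):
    """Naive a la carte: take each dimension's top preference in isolation.
    Returns the resulting tuple and whether the server can actually run it."""
    choice = (prefs["kex"][0], prefs["sig"][0], prefs["cipher"][0])
    return choice, choice in support


def choose_jointly(prefs, support):
    """Walk the client's preference order over the full cross product and return
    the first combination inside the server's support table, or None."""
    for combo in product(prefs["kex"], prefs["sig"], prefs["cipher"]):
        if combo in support:
            return combo
    return None


def support_holes(prefs, support):
    """Combinations the client could legitimately ask for but the server lacks."""
    asked = set(product(prefs["kex"], prefs["sig"], prefs["cipher"]))
    return sorted(asked - support)


if __name__ == "__main__":
    print("independent pick:", choose_independently(CLIENT_PREFS, SERVER_SUPPORT))
    print("joint pick:      ", choose_jointly(CLIENT_PREFS, SERVER_SUPPORT))
    print("holes:           ", len(support_holes(CLIENT_PREFS, SERVER_SUPPORT)))
```

With this table, 5 of the 8 combinations the client can express are holes, so any a la carte scheme needs either a joint search like `choose_jointly` or some way for the server to advertise the combinations it really supports.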