Re: [TLS] Ala Carte Cipher suites - was: DSA should die

Brian Smith <brian@briansmith.org> Sat, 04 April 2015 00:05 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 104D71ACE04 for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 17:05:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kAPfqvtvsIIX for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 17:05:04 -0700 (PDT)
Received: from mail-ob0-f181.google.com (mail-ob0-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D8B41ACDFA for <tls@ietf.org>; Fri, 3 Apr 2015 17:05:04 -0700 (PDT)
Received: by obbfy7 with SMTP id fy7so103112251obb.2 for <tls@ietf.org>; Fri, 03 Apr 2015 17:05:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=IRVSL+sTO/ezH0jwe1+QdTQ4iYctgYZ6h2ktWnkaW4I=; b=WwCPoOFXMlO+49c+gxydk3dq5/ld8orCKOoVaeo95z/LqrPJn578kVBGOw8aUvd43g FobiVoR1uNed4d5OR3e6QQAGk35hXbNJzex6LH5o4Th2I9MjVvHK25qCZ8C4HckT1FyR 4zk8i7BzUyGR7zBiTLPY8nc+ANXNgzS7hN645FhxWxrJdfBUXMNbGbL29yMVXNlqUleo 4G7sMNZz2jGumMvuvHEoLS1zZc6gxLKHxy+WwyUHX3VwvGhrqffxe6Aa1/BYntkIXxc5 Z6xcV3ANcpsqE3D5WqUuPL+eo3u3eObE7YpHMUyfzv3tlA9T9FbS6wYr8BP1AjsCJuS3 nD0g==
X-Gm-Message-State: ALoCoQk3iMtUUEG1DUVBj1x7WE3DZkiTsUlFHZ22YR8+s+nfYPzijCRPs80ij/5e2b1un9Udo+cN
MIME-Version: 1.0
X-Received: by 10.60.82.10 with SMTP id e10mr5678532oey.85.1428105903995; Fri, 03 Apr 2015 17:05:03 -0700 (PDT)
Received: by 10.76.20.146 with HTTP; Fri, 3 Apr 2015 17:05:03 -0700 (PDT)
In-Reply-To: <551DE914.4010804@nthpermutation.com>
References: <20150401201221.163745c2@pc1.fritz.box> <CAK9dnSyKf7AY11h1i1h+SudRc-NmTZE5wC682YKhNsxnfV5ShQ@mail.gmail.com> <CAK3OfOgPbADQ1CvOs=8T7ee6f_T+bi3F6GCdBtxufQpznzYbQA@mail.gmail.com> <201504021257.09955.davemgarrett@gmail.com> <CAOgPGoDJTcLn4j90wNu=mhCZJnb2WUuAvM5TN6KOO7RdC==qHQ@mail.gmail.com> <551DE914.4010804@nthpermutation.com>
Date: Fri, 3 Apr 2015 14:05:03 -1000
Message-ID: <CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Michael StJohns <msj@nthpermutation.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tT47_cHpz6eNp7HEauS0ggIwY6o>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2015 00:05:06 -0000

Please don't change the syntax for negotiating cipher suites. Although
it seems like a good idea to try to make things simpler conceptually
by negotiating the different components of the cipher suite
differently, it would take a lot of effort to standardize a new way of
doing things. I don't think the current mechanism is problematic
enough (at all, really) to justify that effort. Also, any new
mechanism is going to make any implementation more complicated--and
thus more more-prone--if it also has to support older versions of TLS.
Again, I don't think that extra complication is warranted.

Finally, there are a lot of reasons to avoid wasting bytes in the
ClientHello message, for improved compatibility. Having two cipher
suite negotiation mechanisms in the ClientHello, one for TLS 1.3+ and
one for earlier versions, would likely be counter to that goal.

Cheers,
Brian