Re: [TLS] Consensus Call on MTI Algorithms

Rick Andrews <Rick_Andrews@symantec.com> Thu, 02 April 2015 18:05 UTC

From: Rick Andrews <Rick_Andrews@symantec.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 02 Apr 2015 11:05:16 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/u66nsamHOLqW9fKugQd3DKETf8w>

>> Also, just wondering: is ECDSA popular enough today to be a MUST?

> All of the certificates used by CloudFlare's "Universal SSL" are ECDSA certificates issued by Comodo.

Symantec has been offering ECDSA certs for years. I believe most of the major CAs offer them. Allowed curves are spelled out in the CA/Browser Forum Baseline Requirements doc (https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf, Appendix A).

-Rick