Re: [TLS] Require deterministic ECDSA

Filippo Valsorda <ml@filippo.io> Sun, 24 January 2016 17:19 UTC


Strong support for this. TLS will be deployed with broken
implementations and on broken systems. Anything the spec can do to
limit or prevent damage is more than appropriate.

However, agreed that a SHOULD makes more sense, to avoid having
discussions about OpenSSL not being compliant because of a different
PRF.

I've always been puzzled by pure-random ECDSA deployments anyway.

On Sat, Jan 23, 2016 at 7:13 PM, Joseph Birr-Pixton <jpixton@gmail.com> wrote:
> Hi,
>
> I'd like to propose that TLS1.3 mandates RFC6979 deterministic ECDSA.
>
> For discussion, here's a pull request with possible language:
>
> https://github.com/tlswg/tls13-spec/pull/406
>
> Cheers,
> Joe