Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]

Michael Hamburg <> Mon, 01 June 2015 18:33 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 3A3A01B30E8 for <>; Mon, 1 Jun 2015 11:33:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 2.955
X-Spam-Level: **
X-Spam-Status: No, score=2.955 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id n_YCeeKqZBXD for <>; Mon, 1 Jun 2015 11:33:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CF46A1B30D3 for <>; Mon, 1 Jun 2015 11:33:43 -0700 (PDT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 89908F211E; Mon, 1 Jun 2015 11:31:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=sldo; t=1433183523; bh=Xk1kfa8M/IYOZ9h0Zx+p/pE1gPFwqX3+YCBp4NOhcCA=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=DfxJTWSMZjmUhuFmHD1NlVCmQhVnHFOSQ24jG59ndyGL6NsiHYXGyS5RklgBPg/xI ZF0ky9FxZiIVOUFbGjizv220ERAGgXD4wbyAIyXEQijl29A7occkBEZZo5dEcobqs5 qBPaAnGU88wD47cNcuzzHd6NaXYJ9S5FpUN5qNQ8=
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2100\))
From: Michael Hamburg <>
In-Reply-To: <>
Date: Mon, 1 Jun 2015 11:33:16 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Daniel Kahn Gillmor <>
X-Mailer: Apple Mail (2.2100)
Archived-At: <>
Cc: Phillip Rogaway <>, TLS Mailing List <>, Charanjit Jutla <>
Subject: Re: [TLS] AES-OCB in TLS [New Version Notification for draft-zauner-tls-aes-ocb-03.txt]
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 01 Jun 2015 18:33:48 -0000

> On Jun 1, 2015, at 10:28 AM, Daniel Kahn Gillmor <> wrote:
> On Mon 2015-06-01 08:37:16 -0400, Aaron Zauner wrote:
>> Firstly, as far as I know it's also quite difficult to get ECDSA
>> certificates in the wild. Has this changed significantly over the past
>> couple of months?
> I've heard this claim in the past, but i'm not sure what it is based on.
> AFAICT, there are several public CAs who are happy to issue ECDSA
> certificates if you ask them for them.
> In November 2014, i managed to get one from Comodo (or a Comodo
> reseller, i can't keep all the "imprints" and "branding" straight) and
> it took about 20 minutes from start to finish.
> Can you describe how you have tried to get an ECDSA cert, and how those
> attempts failed?
>             --dkg

I tried to get one from Comodo about a year ago.  It wasn’t advertised on their website but I asked one of their tech support folks.  They said that it was an experimental feature for business customers only, and would cost me something like $600.  I don’t remember if that was a 1-year or 3-year cert.

I looked at Verisign’s catalog as well, and it was labeled as an enterprise feature with an even higher price tag.  Low thousands I think.  I asked the guys at BaySec and they said that this was the shape of the market at that time.

I also looked at StartSSL.  They are free, but only offer RSA certs.  I mostly wanted ECDSA for performance on a super slow home server, and I figured $600 in hardware upgrades would go a lot further than $600 in certs.

Anyway you can get ECDSA certs relatively easily, but not cheaply; or at least, that’s how it was a year ago.

— Mike