Re: [TLS] Call for consensus to remove anonymous DH

Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 16 September 2015 08:37 UTC

Message-ID: <1442392668.3326.22.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Joseph Salowey <joe@salowey.net>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 16 Sep 2015 10:37:48 +0200
In-Reply-To: <CAOgPGoBT9C=pWebXShqxhbOsnqK+OZe=-n-SvZ_pH-dAtRaWXQ@mail.gmail.com>
References: <CAOgPGoBT9C=pWebXShqxhbOsnqK+OZe=-n-SvZ_pH-dAtRaWXQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xQ72MzMFN_KHYdCC5gQZw2Q2GfY>
Subject: Re: [TLS] Call for consensus to remove anonymous DH

On Tue, 2015-09-15 at 18:00 -0700, Joseph Salowey wrote:
> There has been some discussion to remove anonymous DH as described in https://www.ietf.org/mail-archive/web/tls/current/msg17481.html. I think ekr's message sums up the pros and cons well. I don't think we have consensus on this issue yet. Please respond on this message by Monday, September 21, if you have an opinion.

If that implies that anonymous ECDH ciphersuites are removed too, I'm
all for it.

regards,
Nikos