Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3

Eric Rescorla <ekr@rtfm.com> Mon, 05 May 2014 17:24 UTC

In-Reply-To: <20140505170029.GA24821@roeckx.be>
References: <AD51D38F-2CFE-4277-854D-C0E56292A336@cisco.com> <277ABA2E-FA8C-4927-9522-06E8907C28EB@cisco.com> <CABcZeBOb-ym7+TrRmfasuyJJ6BVNbQB96jqqBOGZr+YPG-NBWA@mail.gmail.com> <1399274903.2312.6.camel@dhcp-2-127.brq.redhat.com> <20140505170029.GA24821@roeckx.be>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 05 May 2014 10:23:37 -0700
Message-ID: <CABcZeBO_Yg+2UyvvDt7ah0gH7RFadAVt64M1ui1ok0+zNyg=iw@mail.gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xW0xVI1wCPB2_tr7a9AnwE4xWEs
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3

You're probably thinking of:
http://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe-02

This seems like a reasonable kind of thing for the WG to
consider, but my impression was that the WG consensus
was to remove static RSA unconditionally. Certainly, it would
be reasonable to argue that we should address this issue prior
to final publication, however.

-Ekr



On Mon, May 5, 2014 at 10:00 AM, Kurt Roeckx <kurt@roeckx.be> wrote:

> On Mon, May 05, 2014 at 09:28:23AM +0200, Nikos Mavrogiannopoulos wrote:
> > On Sat, 2014-05-03 at 16:31 -0700, Eric Rescorla wrote:
> > > The following pull request is intended to execute this change:
> > >
> > > https://github.com/tlswg/tls13-spec/pull/37
> > > I'll merge it in on Tuesday. Please let me know before then if
> > > this seems substantially wrong. As usual, minor editorial issues
> > > can be done by pull requests.
> >
> > Shouldn't such a change depend on a fix to the compatibility issues
> > present in the DHE ciphersuites? Otherwise it just makes ECDHE the only
> > key exchange in TLS that can be made compatible with random peers.
> >
> > Elliptic curves are good, but it would be nice to have non-ECC key
> > exchanges as well.
>
> I was under the impression that there was also a proposal to use
> known DHE primes so that there is no requirement to verify them.
>
> I'm not sure this is written down somewhere, but I think that we
> only want to use things where the verification is very simple.
>
>
> Kurt
>
>