Re: [TLS] DSS with other than SHA-1 algorithms

Martin Rex <mrex@sap.com> Wed, 11 May 2011 03:08 UTC


Peter Gutmann wrote:
> 
> "Implemented in the client" != "used" though.  The only hard data that we have
> at the moment, the SSL Observatory, indicates:
> 
> Number of deployed DSA TLS servers with certs chaining to a trusted root: 25
> Number "  " ECC  "  "  ": Zero
> Number "  " RSA  "  "  ": Millions

I believe the EFF slides give a figure of 1.3 million RSA certs issued
under a well-known commercial Root.

There are probably a number of reasons why we are seeing very
few (if any) ECDSA certs issued by commercial CAs.  EC algorithms are
still patent encumbered, and the licensing scheme by the patent holder
was a pay-per-issued-certificate targeting commercial CAs.

The other issue is that there still is an awfully large installed
base which doesn't support such certs--so as long as RSA is still
considered secure, why bother with EC certificates?

There seems to be a preference for ECDSA at NIST.  But there also
was a preference for DSA at NIST, including a bias for the
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA cipher suite in TLSv1.0
that was completely ignored by the marketplace.


At the time when the not-EC-capable TLS implementations in the
installed base have died off, the current EC-patent issues will
also have evaporated...  :)


-Martin